| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Ungewünschte Emails an Kontakte werden verschicktWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
04.11.2012, 11:59
| #1 |
 |  Ungewünschte Emails an Kontakte werden verschickt Hallo, ich habe nun schon seit einiger Zeit das Problem, dass immer wieder ungewünschte Emails an meine Kontakte verschickt werden. Ich habe jetzt das Passwort geändert und meine Kontakte gelöscht. Ich gehe aber davon aus, dass mein PC immer noch "verseucht" ist. Nun lasse ich gerade mit Norton einen vollständigen Systemscan laufen. Was kann ich noch machen? |
|
04.11.2012, 14:02
| #2 | |
| /// TB-Ausbilder  | Ungewünschte Emails an Kontakte werden verschickt Ich werde dir bei deinem Problem helfen. Eine Bereinigung ist mitunter mit viel Arbeit für Dich (und mich) verbunden. Bevor es los geht, habe ich etwas Lesestoff für dich. Schritt 1: Laufwerksemulationen abschalten mit Defogger Downloade Dir bitte defogger von jpshortstuff auf Deinem Desktop und starte es:Schritt 2: Scan mit aswMBR Schritt 3: Scan mit dem TDSS-Killer Lese bitte folgende Anweisungen genau. Wir wollen hier noch nichts "fixen" sondern nur einen Scan Report sehen.
__________________ |
|
04.11.2012, 16:14
| #3 |
| | Ungewünschte Emails an Kontakte werden verschickt Hallo,
__________________erstmal vielen Dan für deine Hilfe. Zu Schritt 1: Ich hab die .txt-datei in den Anhang gepackt. Beim zweiten Schritt bekam ich während des Scans die Nachricht, dass Anitrootkit nicht mehr funktioniert (hab einen Screenshot angefügt). Soll ich den Scan nun nochmal ausführen? |
|
04.11.2012, 16:29
| #4 | |
| /// TB-Ausbilder | Ungewünschte Emails an Kontakte werden verschickt Nein, brauchst du nicht, was ich sehen wollte habe ich gesehen. Schritt 3 bitte.
__________________  Digitale Freibeuter gegen Malware! Keine Hilfe per PM! |
|
04.11.2012, 16:35
| #5 |
| | Ungewünschte Emails an Kontakte werden verschickt Hier die Ergebnisse von Schritt 3: Code:
ATTFilter 16:30:33.0843 5880 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
16:30:34.0093 5880 ============================================================
16:30:34.0093 5880 Current date / time: 2012/11/04 16:30:34.0093
16:30:34.0093 5880 SystemInfo:
16:30:34.0093 5880
16:30:34.0093 5880 OS Version: 6.1.7600 ServicePack: 0.0
16:30:34.0093 5880 Product type: Workstation
16:30:34.0093 5880 ComputerName: CORINNA-PC
16:30:34.0093 5880 UserName: Corinna
16:30:34.0093 5880 Windows directory: C:\Windows
16:30:34.0093 5880 System windows directory: C:\Windows
16:30:34.0093 5880 Running under WOW64
16:30:34.0093 5880 Processor architecture: Intel x64
16:30:34.0093 5880 Number of processors: 2
16:30:34.0093 5880 Page size: 0x1000
16:30:34.0093 5880 Boot type: Normal boot
16:30:34.0093 5880 ============================================================
16:30:37.0133 5880 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:30:37.0193 5880 Drive \Device\Harddisk1\DR1 - Size: 0x79E80000 (1.90 Gb), SectorSize: 0x200, Cylinders: 0xF8, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
16:30:37.0203 5880 ============================================================
16:30:37.0203 5880 \Device\Harddisk0\DR0:
16:30:37.0203 5880 MBR partitions:
16:30:37.0203 5880 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1770800, BlocksNum 0x32000
16:30:37.0203 5880 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x17A2800, BlocksNum 0x38BE3030
16:30:37.0203 5880 \Device\Harddisk1\DR1:
16:30:37.0203 5880 MBR partitions:
16:30:37.0203 5880 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x6, StartLBA 0xF7, BlocksNum 0x3CF309
16:30:37.0203 5880 ============================================================
16:30:37.0253 5880 C: <-> \Device\Harddisk0\DR0\Partition2
16:30:37.0253 5880 ============================================================
16:30:37.0253 5880 Initialize success
16:30:37.0253 5880 ============================================================
16:31:04.0353 4556 ============================================================
16:31:04.0353 4556 Scan started
16:31:04.0353 4556 Mode: Manual; TDLFS;
16:31:04.0353 4556 ============================================================
16:31:04.0933 4556 ================ Scan system memory ========================
16:31:04.0933 4556 System memory - ok
16:31:04.0943 4556 ================ Scan services =============================
16:31:05.0263 4556 [ 1B00662092F9F9568B995902F0CC40D5 ] 1394ohci C:\Windows\system32\DRIVERS\1394ohci.sys
16:31:05.0263 4556 1394ohci - ok
16:31:05.0303 4556 [ 6F11E88748CDEFD2F76AA215F97DDFE5 ] ACPI C:\Windows\system32\DRIVERS\ACPI.sys
16:31:05.0313 4556 ACPI - ok
16:31:05.0333 4556 [ 63B05A0420CE4BF0E4AF6DCC7CADA254 ] AcpiPmi C:\Windows\system32\DRIVERS\acpipmi.sys
16:31:05.0333 4556 AcpiPmi - ok
16:31:05.0533 4556 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
16:31:05.0533 4556 AdobeARMservice - ok
16:31:05.0613 4556 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
16:31:05.0643 4556 adp94xx - ok
16:31:05.0673 4556 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
16:31:05.0683 4556 adpahci - ok
16:31:05.0703 4556 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
16:31:05.0703 4556 adpu320 - ok
16:31:05.0733 4556 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
16:31:05.0733 4556 AeLookupSvc - ok
16:31:05.0803 4556 [ DB9D6C6B2CD95A9CA414D045B627422E ] AFD C:\Windows\system32\drivers\afd.sys
16:31:05.0803 4556 AFD - ok
16:31:05.0833 4556 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\DRIVERS\agp440.sys
16:31:05.0833 4556 agp440 - ok
16:31:05.0893 4556 [ 94C0972B06C75456ED574DD46417B1D8 ] aksdf C:\Windows\system32\drivers\aksdf.sys
16:31:05.0893 4556 aksdf - ok
16:31:05.0923 4556 [ A56F1B0F967AEF8A82D7771E6D166DEF ] akshasp C:\Windows\system32\DRIVERS\akshasp.sys
16:31:05.0923 4556 akshasp - ok
16:31:05.0953 4556 [ A9A09BC526E614CE9F29BB23C2A76CED ] aksusb C:\Windows\system32\DRIVERS\aksusb.sys
16:31:05.0953 4556 aksusb - ok
16:31:05.0973 4556 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
16:31:05.0973 4556 ALG - ok
16:31:05.0993 4556 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\DRIVERS\aliide.sys
16:31:05.0993 4556 aliide - ok
16:31:06.0043 4556 [ D0D8877969011D1B0ED9C3C55A9A9108 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
16:31:06.0043 4556 AMD External Events Utility - ok
16:31:06.0063 4556 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\DRIVERS\amdide.sys
16:31:06.0063 4556 amdide - ok
16:31:06.0083 4556 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
16:31:06.0083 4556 AmdK8 - ok
16:31:06.0093 4556 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
16:31:06.0103 4556 AmdPPM - ok
16:31:06.0123 4556 [ 12A5062C06E03FF70DB47800F91C7A13 ] amdsata C:\Windows\system32\DRIVERS\amdsata.sys
16:31:06.0123 4556 amdsata - ok
16:31:06.0163 4556 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
16:31:06.0163 4556 amdsbs - ok
16:31:06.0203 4556 [ 8A7F289B45CEACAC761E14D5FAC59EB9 ] amdxata C:\Windows\system32\DRIVERS\amdxata.sys
16:31:06.0203 4556 amdxata - ok
16:31:06.0263 4556 [ 9815014F3E30357168DA272088C6F12F ] ApfiltrService C:\Windows\system32\DRIVERS\Apfiltr.sys
16:31:06.0303 4556 ApfiltrService - ok
16:31:06.0333 4556 [ 42FD751B27FA0E9C69BB39F39E409594 ] AppID C:\Windows\system32\drivers\appid.sys
16:31:06.0333 4556 AppID - ok
16:31:06.0413 4556 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
16:31:06.0413 4556 AppIDSvc - ok
16:31:06.0453 4556 [ D065BE66822847B7F127D1F90158376E ] Appinfo C:\Windows\System32\appinfo.dll
16:31:06.0453 4556 Appinfo - ok
16:31:06.0573 4556 [ 20F6F19FE9E753F2780DC2FA083AD597 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
16:31:06.0573 4556 Apple Mobile Device - ok
16:31:06.0603 4556 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
16:31:06.0603 4556 arc - ok
16:31:06.0623 4556 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
16:31:06.0623 4556 arcsas - ok
16:31:06.0633 4556 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
16:31:06.0633 4556 AsyncMac - ok
16:31:06.0653 4556 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\DRIVERS\atapi.sys
16:31:06.0653 4556 atapi - ok
16:31:06.0743 4556 [ 5D4529AC4156E16BEDB01441AE0CF984 ] athr C:\Windows\system32\DRIVERS\athrx.sys
16:31:06.0783 4556 athr - ok
16:31:06.0823 4556 [ 38467FF83C2B4265D51F418812A91E3C ] AtiHdmiService C:\Windows\system32\drivers\AtiHdmi.sys
16:31:06.0823 4556 AtiHdmiService - ok
16:31:06.0983 4556 [ C5758BF1DFD762A5B17041FF061B7750 ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys
16:31:07.0123 4556 atikmdag - ok
16:31:07.0183 4556 [ 7C5D273E29DCC5505469B299C6F29163 ] AtiPcie C:\Windows\system32\DRIVERS\AtiPcie.sys
16:31:07.0183 4556 AtiPcie - ok
16:31:07.0243 4556 [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
16:31:07.0263 4556 AudioEndpointBuilder - ok
16:31:07.0283 4556 [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioSrv C:\Windows\System32\Audiosrv.dll
16:31:07.0293 4556 AudioSrv - ok
16:31:07.0333 4556 [ B20B5FA5CA050E9926E4D1DB81501B32 ] AxInstSV C:\Windows\System32\AxInstSV.dll
16:31:07.0333 4556 AxInstSV - ok
16:31:07.0383 4556 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
16:31:07.0393 4556 b06bdrv - ok
16:31:07.0443 4556 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
16:31:07.0453 4556 b57nd60a - ok
16:31:07.0503 4556 [ 9E84A931DBEE0292E38ED672F6293A99 ] BCM43XX C:\Windows\system32\DRIVERS\bcmwl664.sys
16:31:07.0553 4556 BCM43XX - ok
16:31:07.0573 4556 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
16:31:07.0573 4556 BDESVC - ok
16:31:07.0593 4556 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
16:31:07.0593 4556 Beep - ok
16:31:07.0663 4556 [ 4992C609A6315671463E30F6512BC022 ] BFE C:\Windows\System32\bfe.dll
16:31:07.0683 4556 BFE - ok
16:31:07.0923 4556 [ 652F4D186325B69FFE80EE18AE9ACC77 ] BHDrvx64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20121005.002\BHDrvx64.sys
16:31:07.0963 4556 BHDrvx64 - ok
16:31:08.0033 4556 [ 7F0C323FE3DA28AA4AA1BDA3F575707F ] BITS C:\Windows\System32\qmgr.dll
16:31:08.0063 4556 BITS - ok
16:31:08.0113 4556 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
16:31:08.0113 4556 blbdrive - ok
16:31:08.0173 4556 [ F832F1505AD8B83474BD9A5B1B985E01 ] Bonjour Service C:\Program Files (x86)\Bonjour\mDNSResponder.exe
16:31:08.0183 4556 Bonjour Service - ok
16:31:08.0233 4556 [ 19D20159708E152267E53B66677A4995 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
16:31:08.0233 4556 bowser - ok
16:31:08.0243 4556 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
16:31:08.0243 4556 BrFiltLo - ok
16:31:08.0253 4556 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
16:31:08.0253 4556 BrFiltUp - ok
16:31:08.0273 4556 [ 6B054C67AAA87843504E8E3C09102009 ] Browser C:\Windows\System32\browser.dll
16:31:08.0283 4556 Browser - ok
16:31:08.0303 4556 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
16:31:08.0303 4556 Brserid - ok
16:31:08.0313 4556 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
16:31:08.0313 4556 BrSerWdm - ok
16:31:08.0323 4556 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
16:31:08.0323 4556 BrUsbMdm - ok
16:31:08.0323 4556 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
16:31:08.0323 4556 BrUsbSer - ok
16:31:08.0343 4556 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
16:31:08.0343 4556 BTHMODEM - ok
16:31:08.0373 4556 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
16:31:08.0373 4556 bthserv - ok
16:31:08.0423 4556 [ D1787E11C6A0078DDEAF8CF3EE2AB293 ] CAXHWAZL C:\Windows\system32\DRIVERS\CAXHWAZL.sys
16:31:08.0433 4556 CAXHWAZL - ok
16:31:08.0573 4556 [ 2C6FFCCA37B002AAB3C7C31A6D780A76 ] ccSet_NIS C:\Windows\system32\drivers\NISx64\1309000.009\ccSetx64.sys
16:31:08.0583 4556 ccSet_NIS - ok
16:31:08.0603 4556 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
16:31:08.0603 4556 cdfs - ok
16:31:08.0633 4556 [ 83D2D75E1EFB81B3450C18131443F7DB ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
16:31:08.0633 4556 cdrom - ok
16:31:08.0663 4556 [ 312E2F82AF11E79906898AC3E3D58A1F ] CertPropSvc C:\Windows\System32\certprop.dll
16:31:08.0663 4556 CertPropSvc - ok
16:31:08.0703 4556 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
16:31:08.0703 4556 circlass - ok
16:31:08.0723 4556 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
16:31:08.0733 4556 CLFS - ok
16:31:08.0803 4556 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:31:08.0803 4556 clr_optimization_v2.0.50727_32 - ok
16:31:08.0853 4556 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
16:31:08.0853 4556 clr_optimization_v2.0.50727_64 - ok
16:31:08.0983 4556 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
16:31:08.0983 4556 clr_optimization_v4.0.30319_32 - ok
16:31:09.0063 4556 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
16:31:09.0073 4556 clr_optimization_v4.0.30319_64 - ok
16:31:09.0113 4556 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
16:31:09.0113 4556 CmBatt - ok
16:31:09.0123 4556 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\DRIVERS\cmdide.sys
16:31:09.0123 4556 cmdide - ok
16:31:09.0183 4556 [ CA7720B73446FDDEC5C69519C1174C98 ] CNG C:\Windows\system32\Drivers\cng.sys
16:31:09.0203 4556 CNG - ok
16:31:09.0233 4556 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
16:31:09.0233 4556 Compbatt - ok
16:31:09.0263 4556 [ F26B3A86F6FA87CA360B879581AB4123 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
16:31:09.0263 4556 CompositeBus - ok
16:31:09.0273 4556 COMSysApp - ok
16:31:09.0283 4556 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
16:31:09.0283 4556 crcdisk - ok
16:31:09.0333 4556 [ BAF19B633933A9FB4883D27D66C39E9A ] CryptSvc C:\Windows\system32\cryptsvc.dll
16:31:09.0333 4556 CryptSvc - ok
16:31:09.0373 4556 [ 7266972E86890E2B30C0C322E906B027 ] DcomLaunch C:\Windows\system32\rpcss.dll
16:31:09.0393 4556 DcomLaunch - ok
16:31:09.0423 4556 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
16:31:09.0423 4556 defragsvc - ok
16:31:09.0453 4556 [ 9C253CE7311CA60FC11C774692A13208 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
16:31:09.0453 4556 DfsC - ok
16:31:09.0493 4556 [ CE3B9562D997F69B330D181A8875960F ] Dhcp C:\Windows\system32\dhcpcore.dll
16:31:09.0503 4556 Dhcp - ok
16:31:09.0543 4556 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
16:31:09.0543 4556 discache - ok
16:31:09.0573 4556 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
16:31:09.0573 4556 Disk - ok
16:31:09.0773 4556 [ D5BCB77BE83CF99F508943945D46343D ] DKbFltr C:\Windows\syswow64\Drivers\DKbFltr.sys
16:31:09.0773 4556 DKbFltr - ok
16:31:09.0823 4556 [ 85CF424C74A1D5EC33533E1DBFF9920A ] Dnscache C:\Windows\System32\dnsrslvr.dll
16:31:09.0823 4556 Dnscache - ok
16:31:09.0843 4556 [ 14452ACDB09B70964C8C21BF80A13ACB ] dot3svc C:\Windows\System32\dot3svc.dll
16:31:09.0853 4556 dot3svc - ok
16:31:09.0873 4556 [ 8C2BA6BEA949EE6E68385F5692BAFB94 ] DPS C:\Windows\system32\dps.dll
16:31:09.0873 4556 DPS - ok
16:31:09.0883 4556 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
16:31:09.0883 4556 drmkaud - ok
16:31:09.0933 4556 [ 1633B9ABF52784A1331476397A48CBEF ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
16:31:09.0973 4556 DXGKrnl - ok
16:31:09.0993 4556 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
16:31:09.0993 4556 EapHost - ok
16:31:10.0103 4556 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
16:31:10.0163 4556 ebdrv - ok
16:31:10.0233 4556 [ 4353FF94D47A0A9D52B89ECCF0CDB013 ] eeCtrl C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
16:31:10.0253 4556 eeCtrl - ok
16:31:10.0283 4556 [ 156F6159457D0AA7E59B62681B56EB90 ] EFS C:\Windows\System32\lsass.exe
16:31:10.0293 4556 EFS - ok
16:31:10.0373 4556 [ 47C071994C3F649F23D9CD075AC9304A ] ehRecvr C:\Windows\ehome\ehRecvr.exe
16:31:10.0393 4556 ehRecvr - ok
16:31:10.0413 4556 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
16:31:10.0423 4556 ehSched - ok
16:31:10.0463 4556 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
16:31:10.0483 4556 elxstor - ok
16:31:10.0613 4556 [ 7C35C6865957289D9EFE6CC73F4AB2E1 ] ePowerSvc C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
16:31:10.0643 4556 ePowerSvc - ok
16:31:10.0743 4556 [ C5BCCB378D0A896304A3E71BE7215983 ] EraserUtilRebootDrv C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
16:31:10.0743 4556 EraserUtilRebootDrv - ok
16:31:10.0763 4556 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\DRIVERS\errdev.sys
16:31:10.0773 4556 ErrDev - ok
16:31:10.0843 4556 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
16:31:10.0853 4556 EventSystem - ok
16:31:10.0873 4556 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
16:31:10.0873 4556 exfat - ok
16:31:10.0893 4556 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
16:31:10.0903 4556 fastfat - ok
16:31:10.0943 4556 [ D607B2F1BEE3992AA6C2C92C0A2F0855 ] Fax C:\Windows\system32\fxssvc.exe
16:31:10.0963 4556 Fax - ok
16:31:10.0993 4556 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
16:31:10.0993 4556 fdc - ok
16:31:11.0013 4556 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
16:31:11.0023 4556 fdPHost - ok
16:31:11.0023 4556 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
16:31:11.0023 4556 FDResPub - ok
16:31:11.0033 4556 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
16:31:11.0033 4556 FileInfo - ok
16:31:11.0043 4556 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
16:31:11.0043 4556 Filetrace - ok
16:31:11.0063 4556 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
16:31:11.0073 4556 flpydisk - ok
16:31:11.0103 4556 [ F7866AF72ABBAF84B1FA5AA195378C59 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
16:31:11.0103 4556 FltMgr - ok
16:31:11.0153 4556 [ CB5E4B9C319E3C6BB363EB7E58A4A051 ] FontCache C:\Windows\system32\FntCache.dll
16:31:11.0193 4556 FontCache - ok
16:31:11.0223 4556 [ 8D89E3131C27FDD6932189CB785E1B7A ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
16:31:11.0223 4556 FontCache3.0.0.0 - ok
16:31:11.0233 4556 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
16:31:11.0233 4556 FsDepends - ok
16:31:11.0263 4556 [ D3E3F93D67821A2DB2B3D9FAC2DC2064 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
16:31:11.0263 4556 Fs_Rec - ok
16:31:11.0303 4556 [ AE87BA80D0EC3B57126ED2CDC15B24ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
16:31:11.0303 4556 fvevol - ok
16:31:11.0333 4556 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
16:31:11.0333 4556 gagp30kx - ok
16:31:11.0403 4556 [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
16:31:11.0403 4556 GEARAspiWDM - ok
16:31:11.0463 4556 [ FE5AB4525BC2EC68B9119A6E5D40128B ] gpsvc C:\Windows\System32\gpsvc.dll
16:31:11.0483 4556 gpsvc - ok
16:31:11.0593 4556 [ 816FD5A6F3C2F3D600900096632FC60E ] Greg_Service C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
16:31:11.0633 4556 Greg_Service - ok
16:31:11.0743 4556 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
16:31:11.0753 4556 gupdate - ok
16:31:11.0793 4556 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
16:31:11.0803 4556 gupdatem - ok
16:31:11.0843 4556 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
16:31:11.0853 4556 gusvc - ok
16:31:11.0923 4556 [ 78FAD9117E4527F2CA82259DA10F40BD ] hardlock C:\Windows\system32\drivers\hardlock.sys
16:31:11.0943 4556 hardlock - ok
16:31:11.0983 4556 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
16:31:11.0983 4556 hcw85cir - ok
16:31:12.0013 4556 [ 6410F6F415B2A5A9037224C41DA8BF12 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
16:31:12.0023 4556 HdAudAddService - ok
16:31:12.0053 4556 [ 0A49913402747A0B67DE940FB42CBDBB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
16:31:12.0053 4556 HDAudBus - ok
16:31:12.0053 4556 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
16:31:12.0053 4556 HidBatt - ok
16:31:12.0063 4556 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
16:31:12.0063 4556 HidBth - ok
16:31:12.0073 4556 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
16:31:12.0073 4556 HidIr - ok
16:31:12.0113 4556 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
16:31:12.0113 4556 hidserv - ok
16:31:12.0133 4556 [ B3BF6B5B50006DEF50B66306D99FCF6F ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
16:31:12.0143 4556 HidUsb - ok
16:31:12.0173 4556 [ EFA58EDE58DD74388FFD04CB32681518 ] hkmsvc C:\Windows\system32\kmsvc.dll
16:31:12.0173 4556 hkmsvc - ok
16:31:12.0193 4556 [ 046B2673767CA626E2CFB7FDF735E9E8 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
16:31:12.0203 4556 HomeGroupListener - ok
16:31:12.0233 4556 [ 06A7422224D9865A5613710A089987DF ] HomeGroupProvider C:\Windows\system32\provsvc.dll
16:31:12.0233 4556 HomeGroupProvider - ok
16:31:12.0243 4556 [ 0886D440058F203EBA0E1825E4355914 ] HpSAMD C:\Windows\system32\DRIVERS\HpSAMD.sys
16:31:12.0243 4556 HpSAMD - ok
16:31:12.0293 4556 [ 447256D1C026654C5CD3CC17E7B20631 ] HsfXAudioService C:\Windows\SysWOW64\XAudio64.dll
16:31:12.0313 4556 HsfXAudioService - ok
16:31:12.0383 4556 [ 26C5D00321937E49B6BC91029947D094 ] HSF_DPV C:\Windows\system32\DRIVERS\CAX_DPV.sys
16:31:12.0413 4556 HSF_DPV - ok
16:31:12.0463 4556 [ CEE049CAC4EFA7F4E1E4AD014414A5D4 ] HTTP C:\Windows\system32\drivers\HTTP.sys
16:31:12.0483 4556 HTTP - ok
16:31:12.0493 4556 [ F17766A19145F111856378DF337A5D79 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
16:31:12.0493 4556 hwpolicy - ok
16:31:12.0513 4556 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
16:31:12.0523 4556 i8042prt - ok
16:31:12.0563 4556 [ B75E45C564E944A2657167D197AB29DA ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
16:31:12.0563 4556 iaStorV - ok
16:31:12.0613 4556 [ 2F2BE70D3E02B6FA877921AB9516D43C ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
16:31:12.0643 4556 idsvc - ok
16:31:12.0873 4556 [ A48928D4CCA6F8B731989DB08CF2C0AB ] IDSVia64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20121102.001\IDSvia64.sys
16:31:12.0893 4556 IDSVia64 - ok
16:31:13.0063 4556 [ A87261EF1546325B559374F5689CF5BC ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
16:31:13.0223 4556 igfx - ok
16:31:13.0223 4556 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
16:31:13.0233 4556 iirsp - ok
16:31:13.0263 4556 [ C5B4683680DF085B57BC53E5EF34861F ] IKEEXT C:\Windows\System32\ikeext.dll
16:31:13.0283 4556 IKEEXT - ok
16:31:13.0383 4556 [ 9AA6A93852E36FE76C3F7FC2904F3B01 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
16:31:13.0433 4556 IntcAzAudAddService - ok
16:31:13.0493 4556 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\DRIVERS\intelide.sys
16:31:13.0493 4556 intelide - ok
16:31:13.0533 4556 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
16:31:13.0533 4556 intelppm - ok
16:31:13.0603 4556 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
16:31:13.0603 4556 IPBusEnum - ok
16:31:13.0663 4556 [ 722DD294DF62483CECAAE6E094B4D695 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:31:13.0663 4556 IpFilterDriver - ok
16:31:13.0723 4556 [ F8E058D17363EC580E4B7232778B6CB5 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
16:31:13.0743 4556 iphlpsvc - ok
16:31:13.0753 4556 [ E2B4A4494DB7CB9B89B55CA268C337C5 ] IPMIDRV C:\Windows\system32\DRIVERS\IPMIDrv.sys
16:31:13.0753 4556 IPMIDRV - ok
16:31:13.0753 4556 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
16:31:13.0753 4556 IPNAT - ok
16:31:13.0813 4556 [ 81826A13598A7FEAA9E391190E9B539A ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
16:31:13.0833 4556 iPod Service - ok
16:31:13.0863 4556 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
16:31:13.0863 4556 IRENUM - ok
16:31:13.0873 4556 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\DRIVERS\isapnp.sys
16:31:13.0873 4556 isapnp - ok
16:31:13.0893 4556 [ FA4D2557DE56D45B0A346F93564BE6E1 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
16:31:13.0893 4556 iScsiPrt - ok
16:31:13.0923 4556 [ 249EE2D26CB1530F3BEDE0AC8B9E3099 ] k57nd60a C:\Windows\system32\DRIVERS\k57nd60a.sys
16:31:13.0933 4556 k57nd60a - ok
16:31:13.0943 4556 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
16:31:13.0943 4556 kbdclass - ok
16:31:13.0953 4556 [ 6DEF98F8541E1B5DCEB2C822A11F7323 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
16:31:13.0953 4556 kbdhid - ok
16:31:13.0963 4556 [ 156F6159457D0AA7E59B62681B56EB90 ] KeyIso C:\Windows\system32\lsass.exe
16:31:13.0963 4556 KeyIso - ok
16:31:14.0003 4556 [ 4F4B5FDE429416877DE7143044582EB5 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
16:31:14.0003 4556 KSecDD - ok
16:31:14.0033 4556 [ 6F40465A44ECDC1731BEFAFEC5BDD03C ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
16:31:14.0033 4556 KSecPkg - ok
16:31:14.0063 4556 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
16:31:14.0063 4556 ksthunk - ok
16:31:14.0103 4556 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
16:31:14.0113 4556 KtmRm - ok
16:31:14.0123 4556 [ 2AC603C3188C704CFCE353659AA7AD71 ] L1E C:\Windows\system32\DRIVERS\L1E62x64.sys
16:31:14.0123 4556 L1E - ok
16:31:14.0163 4556 [ 81F1D04D4D0E433099365127375FD501 ] LanmanServer C:\Windows\system32\srvsvc.dll
16:31:14.0173 4556 LanmanServer - ok
16:31:14.0193 4556 [ 27026EAC8818E8A6C00A1CAD2F11D29A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
16:31:14.0203 4556 LanmanWorkstation - ok
16:31:14.0253 4556 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
16:31:14.0253 4556 lltdio - ok
16:31:14.0283 4556 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
16:31:14.0283 4556 lltdsvc - ok
16:31:14.0293 4556 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
16:31:14.0293 4556 lmhosts - ok
16:31:14.0323 4556 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
16:31:14.0323 4556 LSI_FC - ok
16:31:14.0343 4556 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
16:31:14.0343 4556 LSI_SAS - ok
16:31:14.0353 4556 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
16:31:14.0353 4556 LSI_SAS2 - ok
16:31:14.0353 4556 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
16:31:14.0363 4556 LSI_SCSI - ok
16:31:14.0393 4556 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
16:31:14.0393 4556 luafv - ok
16:31:14.0433 4556 [ 07389F6925E490D2DB7882110E99921C ] lvpepf64 C:\Windows\system32\DRIVERS\lv302a64.sys
16:31:14.0433 4556 lvpepf64 - ok
16:31:14.0473 4556 [ 7F0BA3A6E8996F15693C6B7D81DA049E ] LVRS64 C:\Windows\system32\DRIVERS\lvrs64.sys
16:31:14.0493 4556 LVRS64 - ok
16:31:14.0543 4556 [ 5C3FF68267A5D242EE79EE01B993D6CE ] LVUSBS64 C:\Windows\system32\drivers\LVUSBS64.sys
16:31:14.0543 4556 LVUSBS64 - ok
16:31:14.0583 4556 [ F84C8F1000BC11E3B7B23CBD3BAFF111 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
16:31:14.0583 4556 Mcx2Svc - ok
16:31:14.0613 4556 [ E4F44EC214B3E381E1FC844A02926666 ] mdmxsdk C:\Windows\system32\DRIVERS\mdmxsdk.sys
16:31:14.0613 4556 mdmxsdk - ok
16:31:14.0643 4556 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
16:31:14.0643 4556 megasas - ok
16:31:14.0663 4556 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
16:31:14.0663 4556 MegaSR - ok
16:31:14.0693 4556 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
16:31:14.0693 4556 MMCSS - ok
16:31:14.0703 4556 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
16:31:14.0703 4556 Modem - ok
16:31:14.0713 4556 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
16:31:14.0713 4556 monitor - ok
16:31:14.0733 4556 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
16:31:14.0733 4556 mouclass - ok
16:31:14.0743 4556 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
16:31:14.0753 4556 mouhid - ok
16:31:14.0753 4556 [ 791AF66C4D0E7C90A3646066386FB571 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
16:31:14.0753 4556 mountmgr - ok
16:31:14.0833 4556 [ 8BE15F71DE6FF33FC56DCDE7B2B9EFE8 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
16:31:14.0833 4556 MozillaMaintenance - ok
16:31:14.0853 4556 [ 609D1D87649ECC19796F4D76D4C15CEA ] mpio C:\Windows\system32\DRIVERS\mpio.sys
16:31:14.0863 4556 mpio - ok
16:31:14.0863 4556 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
16:31:14.0863 4556 mpsdrv - ok
16:31:14.0903 4556 [ AECAB449567D1846DAD63ECE49E893E3 ] MpsSvc C:\Windows\system32\mpssvc.dll
16:31:14.0923 4556 MpsSvc - ok
16:31:14.0933 4556 [ 30524261BB51D96D6FCBAC20C810183C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
16:31:14.0933 4556 MRxDAV - ok
16:31:14.0973 4556 [ 040D62A9D8AD28922632137ACDD984F2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
16:31:14.0973 4556 mrxsmb - ok
16:31:15.0013 4556 [ F0067552F8F9B33D7C59403AB808A3CB ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:31:15.0023 4556 mrxsmb10 - ok
16:31:15.0053 4556 [ 3C142D31DE9F2F193218A53FE2632051 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:31:15.0053 4556 mrxsmb20 - ok
16:31:15.0063 4556 [ 5C37497276E3B3A5488B23A326A754B7 ] msahci C:\Windows\system32\DRIVERS\msahci.sys
16:31:15.0073 4556 msahci - ok
16:31:15.0083 4556 [ 8D27B597229AED79430FB9DB3BCBFBD0 ] msdsm C:\Windows\system32\DRIVERS\msdsm.sys
16:31:15.0083 4556 msdsm - ok
16:31:15.0103 4556 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
16:31:15.0113 4556 MSDTC - ok
16:31:15.0133 4556 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
16:31:15.0133 4556 Msfs - ok
16:31:15.0133 4556 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
16:31:15.0133 4556 mshidkmdf - ok
16:31:15.0143 4556 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\DRIVERS\msisadrv.sys
16:31:15.0143 4556 msisadrv - ok
16:31:15.0183 4556 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
16:31:15.0193 4556 MSiSCSI - ok
16:31:15.0193 4556 msiserver - ok
16:31:15.0203 4556 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
16:31:15.0203 4556 MSKSSRV - ok
16:31:15.0223 4556 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
16:31:15.0223 4556 MSPCLOCK - ok
16:31:15.0233 4556 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
16:31:15.0233 4556 MSPQM - ok
16:31:15.0243 4556 [ 89CB141AA8616D8C6A4610FA26C60964 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
16:31:15.0243 4556 MsRPC - ok
16:31:15.0263 4556 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
16:31:15.0263 4556 mssmbios - ok
16:31:15.0273 4556 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
16:31:15.0273 4556 MSTEE - ok
16:31:15.0283 4556 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
16:31:15.0283 4556 MTConfig - ok
16:31:15.0303 4556 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
16:31:15.0303 4556 Mup - ok
16:31:15.0333 4556 [ 6FFECC25B39DC7652A0CEC0ADA9DB589 ] mwlPSDFilter C:\Windows\system32\DRIVERS\mwlPSDFilter.sys
16:31:15.0333 4556 mwlPSDFilter - ok
16:31:15.0343 4556 [ 0BEFE32CA56D6EE89D58175725596A85 ] mwlPSDNServ C:\Windows\system32\DRIVERS\mwlPSDNServ.sys
16:31:15.0343 4556 mwlPSDNServ - ok
16:31:15.0353 4556 [ D43BC633B8660463E446E28E14A51262 ] mwlPSDVDisk C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys
16:31:15.0353 4556 mwlPSDVDisk - ok
16:31:15.0433 4556 [ 0F5FAAC852DB4C340B7A2F187E3358B8 ] MWLService C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe
16:31:15.0443 4556 MWLService - ok
16:31:15.0483 4556 [ 4987E079A4530FA737A128BE54B63B12 ] napagent C:\Windows\system32\qagentRT.dll
16:31:15.0503 4556 napagent - ok
16:31:15.0573 4556 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
16:31:15.0583 4556 NativeWifiP - ok
16:31:15.0703 4556 [ C58D8A669D6551F616D90244BD2C2D4F ] NAVENG C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20121103.005\ENG64.SYS
16:31:15.0713 4556 NAVENG - ok
16:31:15.0793 4556 [ A3DBDB412ADFA5882DD6843B11FE0828 ] NAVEX15 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20121103.005\EX64.SYS
16:31:15.0873 4556 NAVEX15 - ok
16:31:15.0933 4556 [ CAD515DBD07D082BB317D9928CE8962C ] NDIS C:\Windows\system32\drivers\ndis.sys
16:31:15.0973 4556 NDIS - ok
16:31:15.0983 4556 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
16:31:15.0993 4556 NdisCap - ok
16:31:16.0003 4556 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
16:31:16.0003 4556 NdisTapi - ok
16:31:16.0013 4556 [ F105BA1E22BF1F2EE8F005D4305E4BEC ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
16:31:16.0013 4556 Ndisuio - ok
16:31:16.0023 4556 [ 557DFAB9CA1FCB036AC77564C010DAD3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
16:31:16.0023 4556 NdisWan - ok
16:31:16.0033 4556 [ 659B74FB74B86228D6338D643CD3E3CF ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
16:31:16.0033 4556 NDProxy - ok
16:31:16.0043 4556 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
16:31:16.0043 4556 NetBIOS - ok
16:31:16.0063 4556 [ 9162B273A44AB9DCE5B44362731D062A ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
16:31:16.0063 4556 NetBT - ok
16:31:16.0083 4556 [ 156F6159457D0AA7E59B62681B56EB90 ] Netlogon C:\Windows\system32\lsass.exe
16:31:16.0093 4556 Netlogon - ok
16:31:16.0133 4556 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
16:31:16.0133 4556 Netman - ok
16:31:16.0153 4556 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
16:31:16.0163 4556 netprofm - ok
16:31:16.0193 4556 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
16:31:16.0193 4556 NetTcpPortSharing - ok
16:31:16.0203 4556 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
16:31:16.0203 4556 nfrd960 - ok
16:31:16.0403 4556 [ F2840DBFE9322F35557219AE82CC4597 ] NIS C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe
16:31:16.0413 4556 NIS - ok
16:31:16.0463 4556 [ D9A0CE66046D6EFA0C61BAA885CBA0A8 ] NlaSvc C:\Windows\System32\nlasvc.dll
16:31:16.0483 4556 NlaSvc - ok
16:31:16.0503 4556 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
16:31:16.0503 4556 Npfs - ok
16:31:16.0533 4556 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
16:31:16.0533 4556 nsi - ok
16:31:16.0553 4556 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
16:31:16.0553 4556 nsiproxy - ok
16:31:16.0633 4556 [ 184C189D4FC416978550FC599BB4EDDA ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
16:31:16.0673 4556 Ntfs - ok
16:31:16.0763 4556 [ 70E3EB0CEF795D348F05E5A9B115F491 ] NTI IScheduleSvc C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
16:31:16.0763 4556 NTI IScheduleSvc - ok
16:31:16.0823 4556 [ FD324CCE1D4D5BB5AF65F8E55B462C7E ] NTIBackupSvc C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
16:31:16.0833 4556 NTIBackupSvc - ok
16:31:16.0853 4556 [ 64DDD0DEE976302F4BD93E5EFCC2F013 ] NTIDrvr C:\Windows\system32\drivers\NTIDrvr.sys
16:31:16.0863 4556 NTIDrvr - ok
16:31:16.0893 4556 [ 3F6268A2EC33CD38CF75C880AF8DED42 ] NTISchedulerSvc C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
16:31:16.0903 4556 NTISchedulerSvc - ok
16:31:16.0943 4556 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
16:31:16.0943 4556 Null - ok
16:31:16.0973 4556 [ A4D9C9A608A97F59307C2F2600EDC6A4 ] nvraid C:\Windows\system32\drivers\nvraid.sys
16:31:16.0973 4556 nvraid - ok
16:31:17.0033 4556 [ 6C1D5F70E7A6A3FD1C90D840EDC048B9 ] nvstor C:\Windows\system32\drivers\nvstor.sys
16:31:17.0043 4556 nvstor - ok
16:31:17.0063 4556 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\DRIVERS\nv_agp.sys
16:31:17.0073 4556 nv_agp - ok
16:31:17.0093 4556 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
16:31:17.0093 4556 ohci1394 - ok
16:31:17.0193 4556 [ 3D70B0630342132EBC1FF5CFF483E6C0 ] OpenSSHd C:\Program Files (x86)\OpenSSH\bin\cygrunsrv.exe
16:31:17.0193 4556 OpenSSHd - ok
16:31:17.0283 4556 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
16:31:17.0283 4556 ose - ok
16:31:17.0493 4556 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
16:31:17.0623 4556 osppsvc - ok
16:31:17.0673 4556 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
16:31:17.0683 4556 p2pimsvc - ok
16:31:17.0713 4556 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
16:31:17.0733 4556 p2psvc - ok
16:31:17.0763 4556 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
16:31:17.0763 4556 Parport - ok
16:31:17.0813 4556 [ 90061B1ACFE8CCAA5345750FFE08D8B8 ] partmgr C:\Windows\system32\drivers\partmgr.sys
16:31:17.0813 4556 partmgr - ok
16:31:17.0823 4556 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
16:31:17.0823 4556 PcaSvc - ok
16:31:17.0833 4556 [ F36F6504009F2FB0DFD1B17A116AD74B ] pci C:\Windows\system32\DRIVERS\pci.sys
16:31:17.0843 4556 pci - ok
16:31:17.0863 4556 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\DRIVERS\pciide.sys
16:31:17.0863 4556 pciide - ok
16:31:17.0883 4556 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
16:31:17.0883 4556 pcmcia - ok
16:31:17.0893 4556 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
16:31:17.0893 4556 pcw - ok
16:31:17.0913 4556 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
16:31:17.0933 4556 PEAUTH - ok
16:31:18.0093 4556 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
16:31:18.0093 4556 PerfHost - ok
16:31:18.0213 4556 [ 087A343DFC337F37723DD7912DE6B6CD ] PID_PEPI C:\Windows\system32\DRIVERS\LV302V64.SYS
16:31:18.0273 4556 PID_PEPI - ok
16:31:18.0343 4556 [ 557E9A86F65F0DE18C9B6751DFE9D3F1 ] pla C:\Windows\system32\pla.dll
16:31:18.0373 4556 pla - ok
16:31:18.0433 4556 [ 98B1721B8718164293B9701B98C52D77 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
16:31:18.0453 4556 PlugPlay - ok
16:31:18.0473 4556 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
16:31:18.0483 4556 PNRPAutoReg - ok
16:31:18.0493 4556 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
16:31:18.0493 4556 PNRPsvc - ok
16:31:18.0523 4556 [ 166EB40D1F5B47E615DE3D0FFFE5F243 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
16:31:18.0543 4556 PolicyAgent - ok
16:31:18.0573 4556 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
16:31:18.0573 4556 Power - ok
16:31:18.0613 4556 [ 27CC19E81BA5E3403C48302127BDA717 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
16:31:18.0613 4556 PptpMiniport - ok
16:31:18.0643 4556 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
16:31:18.0643 4556 Processor - ok
16:31:18.0693 4556 [ 97293447431311C06703368AD0F6C4BE ] ProfSvc C:\Windows\system32\profsvc.dll
16:31:18.0713 4556 ProfSvc - ok
16:31:18.0733 4556 [ 156F6159457D0AA7E59B62681B56EB90 ] ProtectedStorage C:\Windows\system32\lsass.exe
16:31:18.0733 4556 ProtectedStorage - ok
16:31:18.0763 4556 [ EE992183BD8EAEFD9973F352E587A299 ] Psched C:\Windows\system32\DRIVERS\pacer.sys
16:31:18.0763 4556 Psched - ok
16:31:18.0803 4556 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
16:31:18.0843 4556 ql2300 - ok
16:31:18.0853 4556 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
16:31:18.0853 4556 ql40xx - ok
16:31:18.0873 4556 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
16:31:18.0883 4556 QWAVE - ok
16:31:18.0883 4556 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
16:31:18.0883 4556 QWAVEdrv - ok
16:31:18.0893 4556 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
16:31:18.0893 4556 RasAcd - ok
16:31:18.0933 4556 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
16:31:18.0933 4556 RasAgileVpn - ok
16:31:18.0953 4556 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
16:31:18.0953 4556 RasAuto - ok
16:31:18.0963 4556 [ 87A6E852A22991580D6D39ADC4790463 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
16:31:18.0963 4556 Rasl2tp - ok
16:31:18.0993 4556 [ 47394ED3D16D053F5906EFE5AB51CC83 ] RasMan C:\Windows\System32\rasmans.dll
16:31:19.0003 4556 RasMan - ok
16:31:19.0023 4556 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
16:31:19.0023 4556 RasPppoe - ok
16:31:19.0053 4556 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
16:31:19.0053 4556 RasSstp - ok
16:31:19.0063 4556 [ 3BAC8142102C15D59A87757C1D41DCE5 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
16:31:19.0073 4556 rdbss - ok
16:31:19.0073 4556 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
16:31:19.0073 4556 rdpbus - ok
16:31:19.0083 4556 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
16:31:19.0083 4556 RDPCDD - ok
16:31:19.0103 4556 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
16:31:19.0103 4556 RDPENCDD - ok
16:31:19.0113 4556 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
16:31:19.0113 4556 RDPREFMP - ok
16:31:19.0163 4556 [ 447DE7E3DEA39D422C1504F245B668B1 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
16:31:19.0173 4556 RDPWD - ok
16:31:19.0203 4556 [ 634B9A2181D98F15941236886164EC8B ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
16:31:19.0203 4556 rdyboost - ok
16:31:19.0243 4556 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
16:31:19.0243 4556 RemoteAccess - ok
16:31:19.0263 4556 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
16:31:19.0273 4556 RemoteRegistry - ok
16:31:19.0283 4556 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
16:31:19.0293 4556 RpcEptMapper - ok
16:31:19.0303 4556 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
16:31:19.0303 4556 RpcLocator - ok
16:31:19.0333 4556 [ 7266972E86890E2B30C0C322E906B027 ] RpcSs C:\Windows\system32\rpcss.dll
16:31:19.0343 4556 RpcSs - ok
16:31:19.0373 4556 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
16:31:19.0373 4556 rspndr - ok
16:31:19.0433 4556 [ 2DB8116D52B19216812C4E6D5D837810 ] RSUSBSTOR C:\Windows\system32\Drivers\RtsUStor.sys
16:31:19.0443 4556 RSUSBSTOR - ok
16:31:19.0453 4556 RtsUIR - ok
16:31:19.0473 4556 [ 156F6159457D0AA7E59B62681B56EB90 ] SamSs C:\Windows\system32\lsass.exe
16:31:19.0473 4556 SamSs - ok
16:31:19.0503 4556 [ E3BBB89983DAF5622C1D50CF49F28227 ] sbp2port C:\Windows\system32\DRIVERS\sbp2port.sys
16:31:19.0503 4556 sbp2port - ok
16:31:19.0513 4556 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
16:31:19.0523 4556 SCardSvr - ok
16:31:19.0523 4556 [ C94DA20C7E3BA1DCA269BC8460D98387 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
16:31:19.0523 4556 scfilter - ok
16:31:19.0583 4556 [ 624D0F5FF99428BB90A5B8A4123E918E ] Schedule C:\Windows\system32\schedsvc.dll
16:31:19.0633 4556 Schedule - ok
16:31:19.0663 4556 [ 312E2F82AF11E79906898AC3E3D58A1F ] SCPolicySvc C:\Windows\System32\certprop.dll
16:31:19.0663 4556 SCPolicySvc - ok
16:31:19.0683 4556 [ 765A27C3279CE11D14CB9E4F5869FCA5 ] SDRSVC C:\Windows\System32\SDRSVC.dll
16:31:19.0693 4556 SDRSVC - ok
16:31:19.0723 4556 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
16:31:19.0723 4556 secdrv - ok
16:31:19.0733 4556 [ 463B386EBC70F98DA5DFF85F7E654346 ] seclogon C:\Windows\system32\seclogon.dll
16:31:19.0733 4556 seclogon - ok
16:31:19.0753 4556 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
16:31:19.0753 4556 SENS - ok
16:31:19.0773 4556 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
16:31:19.0773 4556 SensrSvc - ok
16:31:19.0793 4556 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
16:31:19.0793 4556 Serenum - ok
16:31:19.0803 4556 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
16:31:19.0803 4556 Serial - ok
16:31:19.0813 4556 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
16:31:19.0813 4556 sermouse - ok
16:31:19.0843 4556 [ C3BC61CE47FF6F4E88AB8A3B429A36AF ] SessionEnv C:\Windows\system32\sessenv.dll
16:31:19.0843 4556 SessionEnv - ok
16:31:19.0853 4556 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\DRIVERS\sffdisk.sys
16:31:19.0853 4556 sffdisk - ok
16:31:19.0863 4556 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\DRIVERS\sffp_mmc.sys
16:31:19.0863 4556 sffp_mmc - ok
16:31:19.0863 4556 [ 5588B8C6193EB1522490C122EB94DFFA ] sffp_sd C:\Windows\system32\DRIVERS\sffp_sd.sys
16:31:19.0863 4556 sffp_sd - ok
16:31:19.0873 4556 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
16:31:19.0873 4556 sfloppy - ok
16:31:19.0913 4556 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
16:31:19.0913 4556 SharedAccess - ok
16:31:19.0943 4556 [ 0298AC45D0EFFFB2DB4BAA7DD186E7BF ] ShellHWDetection C:\Windows\System32\shsvcs.dll
16:31:19.0953 4556 ShellHWDetection - ok
16:31:19.0953 4556 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
16:31:19.0953 4556 SiSRaid2 - ok
16:31:19.0963 4556 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
16:31:19.0963 4556 SiSRaid4 - ok
16:31:20.0043 4556 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
16:31:20.0053 4556 SkypeUpdate - ok
16:31:20.0083 4556 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
16:31:20.0083 4556 Smb - ok
16:31:20.0183 4556 [ D48F87803F3965EE04D9BCB318791AAB ] SMR311 C:\Windows\system32\drivers\SMR311.SYS
16:31:20.0183 4556 SMR311 - ok
16:31:20.0233 4556 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
16:31:20.0233 4556 SNMPTRAP - ok
16:31:20.0253 4556 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
16:31:20.0253 4556 spldr - ok
16:31:20.0293 4556 [ 567977DC43CC13C4C35ED7084C0B84D5 ] Spooler C:\Windows\System32\spoolsv.exe
16:31:20.0313 4556 Spooler - ok
16:31:20.0423 4556 [ 913D843498553A1BC8F8DBAD6358E49F ] sppsvc C:\Windows\system32\sppsvc.exe
16:31:20.0523 4556 sppsvc - ok
16:31:20.0523 4556 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
16:31:20.0533 4556 sppuinotify - ok
16:31:20.0663 4556 [ 891793E00432FA055CF040605C260E49 ] SRTSP C:\Windows\System32\Drivers\NISx64\1309000.009\SRTSP64.SYS
16:31:20.0693 4556 SRTSP - ok
16:31:20.0713 4556 [ 1CB7BB3B0561FB5ECFE37F7731E8BF3E ] SRTSPX C:\Windows\system32\drivers\NISx64\1309000.009\SRTSPX64.SYS
16:31:20.0723 4556 SRTSPX - ok
16:31:20.0753 4556 [ 2408C0366D96BCDF63E8F1C78E4A29C5 ] srv C:\Windows\system32\DRIVERS\srv.sys
16:31:20.0753 4556 srv - ok
16:31:20.0773 4556 [ 76548F7B818881B47D8D1AE1BE9C11F8 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
16:31:20.0783 4556 srv2 - ok
16:31:20.0833 4556 [ 0C4540311E11664B245A263E1154CEF8 ] SrvHsfHDA C:\Windows\system32\DRIVERS\VSTAZL6.SYS
16:31:20.0833 4556 SrvHsfHDA - ok
16:31:20.0913 4556 [ 02071D207A9858FBE3A48CBFD59C4A04 ] SrvHsfV92 C:\Windows\system32\DRIVERS\VSTDPV6.SYS
16:31:20.0963 4556 SrvHsfV92 - ok
16:31:21.0023 4556 [ 18E40C245DBFAF36FD0134A7EF2DF396 ] SrvHsfWinac C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
16:31:21.0033 4556 SrvHsfWinac - ok
16:31:21.0093 4556 [ 0AF6E19D39C70844C5CAA8FB0183C36E ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
16:31:21.0103 4556 srvnet - ok
16:31:21.0133 4556 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
16:31:21.0133 4556 SSDPSRV - ok
16:31:21.0153 4556 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
16:31:21.0153 4556 SstpSvc - ok
16:31:21.0183 4556 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
16:31:21.0183 4556 stexstor - ok
16:31:21.0223 4556 [ 52D0E33B681BD0F33FDC08812FEE4F7D ] stisvc C:\Windows\System32\wiaservc.dll
16:31:21.0243 4556 stisvc - ok
16:31:21.0243 4556 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
16:31:21.0243 4556 swenum - ok
16:31:21.0273 4556 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
16:31:21.0293 4556 swprv - ok
16:31:21.0353 4556 [ 8B2430762099598DA40686F754632EFD ] SymDS C:\Windows\system32\drivers\NISx64\1309000.009\SYMDS64.SYS
16:31:21.0373 4556 SymDS - ok
16:31:21.0463 4556 [ 5CB7F2FD7E30A0F52F93574BFC3A8041 ] SymEFA C:\Windows\system32\drivers\NISx64\1309000.009\SYMEFA64.SYS
16:31:21.0503 4556 SymEFA - ok
16:31:21.0543 4556 [ 894579207E39C465737E850A252CE4F2 ] SymEvent C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
16:31:21.0553 4556 SymEvent - ok
16:31:21.0593 4556 [ 5013A76CAAA1D7CF1C55214B490B4E35 ] SymIRON C:\Windows\system32\drivers\NISx64\1309000.009\Ironx64.SYS
16:31:21.0603 4556 SymIRON - ok
16:31:21.0653 4556 [ 3911BD0E68C010E5438A87706ABBE9AB ] SymNetS C:\Windows\System32\Drivers\NISx64\1309000.009\SYMNETS.SYS
16:31:21.0673 4556 SymNetS - ok
16:31:21.0743 4556 [ 3C1284516A62078FB68F768DE4F1A7BE ] SysMain C:\Windows\system32\sysmain.dll
16:31:21.0793 4556 SysMain - ok
16:31:21.0813 4556 [ 238935C3CF2854886DC7CBB2A0E2CC66 ] TabletInputService C:\Windows\System32\TabSvc.dll
16:31:21.0813 4556 TabletInputService - ok
16:31:21.0833 4556 [ 884264AC597B690C5707C89723BB8E7B ] TapiSrv C:\Windows\System32\tapisrv.dll
16:31:21.0843 4556 TapiSrv - ok
16:31:21.0863 4556 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
16:31:21.0863 4556 TBS - ok
16:31:21.0943 4556 [ 624C5B3AA4C99B3184BB922D9ECE3FF0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
16:31:22.0003 4556 Tcpip - ok
16:31:22.0083 4556 [ 624C5B3AA4C99B3184BB922D9ECE3FF0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
16:31:22.0093 4556 TCPIP6 - ok
16:31:22.0133 4556 [ 76D078AF6F587B162D50210F761EB9ED ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
16:31:22.0133 4556 tcpipreg - ok
16:31:22.0153 4556 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
16:31:22.0153 4556 TDPIPE - ok
16:31:22.0183 4556 [ 7518F7BCFD4B308ABC9192BACAF6C970 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
16:31:22.0183 4556 TDTCP - ok
16:31:22.0193 4556 [ 079125C4B17B01FCAEEBCE0BCB290C0F ] tdx C:\Windows\system32\DRIVERS\tdx.sys
16:31:22.0193 4556 tdx - ok
16:31:22.0213 4556 [ C448651339196C0E869A355171875522 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
16:31:22.0213 4556 TermDD - ok
16:31:22.0263 4556 [ 0F05EC2887BFE197AD82A13287D2F404 ] TermService C:\Windows\System32\termsrv.dll
16:31:22.0283 4556 TermService - ok
16:31:22.0303 4556 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
16:31:22.0303 4556 Themes - ok
16:31:22.0323 4556 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
16:31:22.0323 4556 THREADORDER - ok
16:31:22.0413 4556 [ EFEF22B9577E5051057FDE1AE381B50C ] TomTomHOMEService C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
16:31:22.0413 4556 TomTomHOMEService - ok
16:31:22.0443 4556 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
16:31:22.0443 4556 TrkWks - ok
16:31:22.0483 4556 [ 840F7FB849F5887A49BA18C13B2DA920 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
16:31:22.0493 4556 TrustedInstaller - ok
16:31:22.0513 4556 [ 61B96C26131E37B24E93327A0BD1FB95 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
16:31:22.0513 4556 tssecsrv - ok
16:31:22.0553 4556 [ 3836171A2CDF3AF8EF10856DB9835A70 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
16:31:22.0553 4556 tunnel - ok
16:31:22.0563 4556 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
16:31:22.0563 4556 uagp35 - ok
16:31:22.0593 4556 [ 2E22C1FD397A5A9FFEF55E9D1FC96C00 ] UBHelper C:\Windows\system32\drivers\UBHelper.sys
16:31:22.0593 4556 UBHelper - ok
16:31:22.0623 4556 [ D47BAEAD86C65D4F4069D7CE0A4EDCEB ] udfs C:\Windows\system32\DRIVERS\udfs.sys
16:31:22.0623 4556 udfs - ok
16:31:22.0643 4556 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
16:31:22.0643 4556 UI0Detect - ok
16:31:22.0673 4556 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\DRIVERS\uliagpkx.sys
16:31:22.0673 4556 uliagpkx - ok
16:31:22.0683 4556 [ EAB6C35E62B1B0DB0D1B48B671D3A117 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
16:31:22.0683 4556 umbus - ok
16:31:22.0683 4556 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
16:31:22.0693 4556 UmPass - ok
16:31:22.0733 4556 [ 70DDE3A86DBEB1D6C3C30AD687B1877A ] Updater Service C:\Program Files\Acer\Acer Updater\UpdaterService.exe
16:31:22.0743 4556 Updater Service - ok
16:31:22.0773 4556 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
16:31:22.0783 4556 upnphost - ok
16:31:22.0843 4556 [ 54D4B48D443E7228BF64CF7CDC3118AC ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
16:31:22.0843 4556 USBAAPL64 - ok
16:31:22.0863 4556 [ 77B01BC848298223A95D4EC23E1785A1 ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
16:31:22.0863 4556 usbaudio - ok
16:31:22.0903 4556 [ 7B6A127C93EE590E4D79A5F2A76FE46F ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
16:31:22.0903 4556 usbccgp - ok
16:31:22.0913 4556 USBCCID - ok
16:31:22.0943 4556 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\DRIVERS\usbcir.sys
16:31:22.0953 4556 usbcir - ok
16:31:22.0983 4556 [ 92969BA5AC44E229C55A332864F79677 ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
16:31:22.0983 4556 usbehci - ok
16:31:23.0033 4556 [ 6648C6D7323A2CE0C4776C36CEFBCB14 ] usbfilter C:\Windows\system32\DRIVERS\usbfilter.sys
16:31:23.0043 4556 usbfilter - ok
16:31:23.0093 4556 [ E7DF1CFD28CA86B35EF5ADD0735CEEF3 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
16:31:23.0113 4556 usbhub - ok
16:31:23.0153 4556 [ F1BB1E55F1E7A65C5839CCC7B36D773E ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
16:31:23.0153 4556 usbohci - ok
16:31:23.0183 4556 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
16:31:23.0193 4556 usbprint - ok
16:31:23.0243 4556 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
16:31:23.0243 4556 usbscan - ok
16:31:23.0263 4556 [ F39983647BC1F3E6100778DDFE9DCE29 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
16:31:23.0263 4556 USBSTOR - ok
16:31:23.0303 4556 [ BC3070350A491D84B518D7CCA9ABD36F ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
16:31:23.0303 4556 usbuhci - ok
16:31:23.0333 4556 [ 7CB8C573C6E4A2714402CC0A36EAB4FE ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
16:31:23.0333 4556 usbvideo - ok
16:31:23.0363 4556 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
16:31:23.0363 4556 UxSms - ok
16:31:23.0383 4556 [ 156F6159457D0AA7E59B62681B56EB90 ] VaultSvc C:\Windows\system32\lsass.exe
16:31:23.0393 4556 VaultSvc - ok
16:31:23.0443 4556 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\DRIVERS\vdrvroot.sys
16:31:23.0443 4556 vdrvroot - ok
16:31:23.0463 4556 [ 44D73E0BBC1D3C8981304BA15135C2F2 ] vds C:\Windows\System32\vds.exe
16:31:23.0483 4556 vds - ok
16:31:23.0493 4556 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
16:31:23.0493 4556 vga - ok
16:31:23.0493 4556 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
16:31:23.0503 4556 VgaSave - ok
16:31:23.0513 4556 [ C82E748660F62A242B2DFAC1442F22A4 ] vhdmp C:\Windows\system32\DRIVERS\vhdmp.sys
16:31:23.0513 4556 vhdmp - ok
16:31:23.0523 4556 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\DRIVERS\viaide.sys
16:31:23.0523 4556 viaide - ok
16:31:23.0533 4556 [ 2B1A3DAE2B4E70DBBA822B7A03FBD4A3 ] volmgr C:\Windows\system32\DRIVERS\volmgr.sys
16:31:23.0533 4556 volmgr - ok
16:31:23.0553 4556 [ 99B0CBB569CA79ACAED8C91461D765FB ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
16:31:23.0553 4556 volmgrx - ok
16:31:23.0573 4556 [ 58F82EED8CA24B461441F9C3E4F0BF5C ] volsnap C:\Windows\system32\DRIVERS\volsnap.sys
16:31:23.0573 4556 volsnap - ok
16:31:23.0663 4556 [ 1CA935ADF4353A6E27C4AFFA2E2708C5 ] vpnagent C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
16:31:23.0673 4556 vpnagent - ok
16:31:23.0713 4556 [ E526A69D932538AE8BC96B3F4A5A90B1 ] vpnva C:\Windows\system32\DRIVERS\vpnva64.sys
16:31:23.0713 4556 vpnva - ok
16:31:23.0733 4556 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
16:31:23.0733 4556 vsmraid - ok
16:31:23.0803 4556 [ 787898BF9FB6D7BD87A36E2D95C899BA ] VSS C:\Windows\system32\vssvc.exe
16:31:23.0863 4556 VSS - ok
16:31:23.0873 4556 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
16:31:23.0873 4556 vwifibus - ok
16:31:23.0883 4556 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
16:31:23.0883 4556 vwififlt - ok
16:31:23.0903 4556 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
16:31:23.0913 4556 W32Time - ok
16:31:23.0923 4556 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
16:31:23.0923 4556 WacomPen - ok
16:31:23.0933 4556 [ 47CA49400643EFFD3F1C9A27E1D69324 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
16:31:23.0933 4556 WANARP - ok
16:31:23.0943 4556 [ 47CA49400643EFFD3F1C9A27E1D69324 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
16:31:23.0943 4556 Wanarpv6 - ok
16:31:24.0013 4556 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
16:31:24.0053 4556 WatAdminSvc - ok
16:31:24.0093 4556 [ 5AB1BB85BD8B5089CC5D64200DEDAE68 ] wbengine C:\Windows\system32\wbengine.exe
16:31:24.0133 4556 wbengine - ok
16:31:24.0133 4556 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
16:31:24.0143 4556 WbioSrvc - ok
16:31:24.0173 4556 [ DD1BAE8EBFC653824D29CCF8C9054D68 ] wcncsvc C:\Windows\System32\wcncsvc.dll
16:31:24.0183 4556 wcncsvc - ok
16:31:24.0203 4556 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
16:31:24.0203 4556 WcsPlugInService - ok
16:31:24.0223 4556 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
16:31:24.0223 4556 Wd - ok
16:31:24.0253 4556 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
16:31:24.0263 4556 Wdf01000 - ok
16:31:24.0273 4556 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
16:31:24.0273 4556 WdiServiceHost - ok
16:31:24.0283 4556 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
16:31:24.0283 4556 WdiSystemHost - ok
16:31:24.0313 4556 [ 733006127F235BE7C35354EBEE7B9A7B ] WebClient C:\Windows\System32\webclnt.dll
16:31:24.0323 4556 WebClient - ok
16:31:24.0343 4556 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
16:31:24.0343 4556 Wecsvc - ok
16:31:24.0353 4556 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
16:31:24.0363 4556 wercplsupport - ok
16:31:24.0403 4556 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
16:31:24.0403 4556 WerSvc - ok
16:31:24.0423 4556 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
16:31:24.0423 4556 WfpLwf - ok
16:31:24.0433 4556 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
16:31:24.0433 4556 WIMMount - ok
16:31:24.0483 4556 [ A6EA7A3FC4B00F48535B506DB1E86EFD ] winachsf C:\Windows\system32\DRIVERS\CAX_CNXT.sys
16:31:24.0503 4556 winachsf - ok
16:31:24.0533 4556 WinDefend - ok
16:31:24.0533 4556 WinHttpAutoProxySvc - ok
16:31:24.0593 4556 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
16:31:24.0603 4556 Winmgmt - ok
16:31:24.0663 4556 [ 41FBB751936B387F9179E7F03A74FE29 ] WinRM C:\Windows\system32\WsmSvc.dll
16:31:24.0713 4556 WinRM - ok
16:31:24.0793 4556 [ 817EAFF5D38674EDD7713B9DFB8E9791 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
16:31:24.0803 4556 WinUsb - ok
16:31:24.0843 4556 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
16:31:24.0863 4556 Wlansvc - ok
16:31:24.0893 4556 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
16:31:24.0893 4556 WmiAcpi - ok
16:31:24.0963 4556 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
16:31:24.0963 4556 wmiApSrv - ok
16:31:25.0013 4556 WMPNetworkSvc - ok
16:31:25.0063 4556 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
16:31:25.0063 4556 WPCSvc - ok
16:31:25.0073 4556 [ 2E57DDF2880A7E52E76F41C7E96D327B ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
16:31:25.0073 4556 WPDBusEnum - ok
16:31:25.0083 4556 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
16:31:25.0083 4556 ws2ifsl - ok
16:31:25.0103 4556 [ 8F9F3969933C02DA96EB0F84576DB43E ] wscsvc C:\Windows\System32\wscsvc.dll
16:31:25.0113 4556 wscsvc - ok
16:31:25.0113 4556 WSearch - ok
16:31:25.0223 4556 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
16:31:25.0283 4556 wuauserv - ok
16:31:25.0293 4556 [ 7CADC74271DD6461C452C271B30BD378 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
16:31:25.0293 4556 WudfPf - ok
16:31:25.0323 4556 [ 3B197AF0FFF08AA66B6B2241CA538D64 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
16:31:25.0323 4556 WUDFRd - ok
16:31:25.0353 4556 [ B551D6637AA0E132C18AC6E504F7B79B ] wudfsvc C:\Windows\System32\WUDFSvc.dll
16:31:25.0353 4556 wudfsvc - ok
16:31:25.0363 4556 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
16:31:25.0373 4556 WwanSvc - ok
16:31:25.0393 4556 [ E8F3FA126A06F8E7088F63757112A186 ] XAudio C:\Windows\system32\DRIVERS\XAudio64.sys
16:31:25.0393 4556 XAudio - ok
16:31:25.0423 4556 ================ Scan global ===============================
16:31:25.0443 4556 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
16:31:25.0493 4556 [ 79CDA06F75AD5373DD447F57575C4400 ] C:\Windows\system32\winsrv.dll
16:31:25.0533 4556 [ 79CDA06F75AD5373DD447F57575C4400 ] C:\Windows\system32\winsrv.dll
16:31:25.0573 4556 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
16:31:25.0603 4556 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
16:31:25.0613 4556 [Global] - ok
16:31:25.0623 4556 ================ Scan MBR ==================================
16:31:25.0633 4556 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
16:31:26.0773 4556 \Device\Harddisk0\DR0 - ok
16:31:26.0793 4556 [ E5FA06ACA0D60BA9C870D0EF3D9898C9 ] \Device\Harddisk1\DR1
16:31:27.0063 4556 \Device\Harddisk1\DR1 - ok
16:31:27.0063 4556 ================ Scan VBR ==================================
16:31:27.0063 4556 [ F6DB4357816CB62E20C12650128FA49F ] \Device\Harddisk0\DR0\Partition1
16:31:27.0063 4556 \Device\Harddisk0\DR0\Partition1 - ok
16:31:27.0083 4556 [ A186A662ED6B4E19C68E377A366FCB99 ] \Device\Harddisk0\DR0\Partition2
16:31:27.0083 4556 \Device\Harddisk0\DR0\Partition2 - ok
16:31:27.0093 4556 [ 966567FDDCC017986ED48D7B65BD7FCA ] \Device\Harddisk1\DR1\Partition1
16:31:27.0093 4556 \Device\Harddisk1\DR1\Partition1 - ok
16:31:27.0093 4556 ============================================================
16:31:27.0093 4556 Scan finished
16:31:27.0093 4556 ============================================================
16:31:27.0103 2232 Detected object count: 0
16:31:27.0103 2232 Actual detected object count: 0
|
|
04.11.2012, 16:47
| #6 | ||
| /// TB-Ausbilder | Ungewünschte Emails an Kontakte werden verschickt Gut!  Dann bitte jetzt Combofix ausführen. Schritt 1: Scan mit Combofix Schritt 2: Liste der installierten Programme (Combofix) Bitte suche und poste mir die folgende Datei:
__________________ --> Ungewünschte Emails an Kontakte werden verschickt |
|
04.11.2012, 17:19
| #7 |
| | Ungewünschte Emails an Kontakte werden verschickt Hier die Ergebnisse des ComboFix: [CODE] Combofix Logfile: Code:
ATTFilter ComboFix 12-11-04.01 - Corinna 04.11.2012 17:02:56.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.49.1031.18.4094.1674 [GMT 1:00]
ausgeführt von:: c:\users\Corinna\Desktop\ComboFix.exe
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\program files (x86)\Common Files\Acer GameZone online.ico
c:\program files (x86)\Common Files\Tencent\Paycenter
c:\program files (x86)\Common Files\Tencent\Paycenter\qqcert.dll
c:\program files (x86)\Common Files\Tencent\Paycenter\qqedit.dll
c:\users\Corinna\AppData\Roaming\SogouExplorer
c:\users\Corinna\AppData\Roaming\SogouExplorer\confdll.dll
c:\users\Corinna\AppData\Roaming\SogouExplorer\SogouExplorerSetup.exe
c:\windows\SysWow64\DEBUG.log
c:\windows\Temp\log.txt
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-10-04 bis 2012-11-04 ))))))))))))))))))))))))))))))
.
.
2012-11-04 16:14 . 2012-11-04 16:14 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-11-04 14:53 . 2012-11-04 14:53 95392 ----a-w- c:\windows\system32\drivers\SMR311.SYS
2012-11-03 10:28 . 2012-11-03 10:28 -------- d-----w- c:\users\Corinna\AppData\Local\Facebook
2012-10-13 18:09 . 2012-10-13 18:10 -------- d-----w- c:\users\Corinna\zu sortieren
2012-10-10 12:21 . 2012-08-31 18:02 1656688 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-10-10 12:21 . 2012-08-30 18:11 5505904 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-10-10 12:21 . 2012-08-30 17:18 3958128 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-10-10 12:21 . 2012-08-30 17:18 3902832 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-10-10 12:21 . 2012-09-14 19:23 2048 ----a-w- c:\windows\system32\tzres.dll
2012-10-10 12:21 . 2012-09-14 18:30 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-10-10 12:19 . 2012-08-18 15:22 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2012-10-10 12:18 . 2012-06-02 05:25 1462784 ----a-w- c:\windows\system32\crypt32.dll
2012-10-10 12:18 . 2012-06-02 05:25 182272 ----a-w- c:\windows\system32\cryptsvc.dll
2012-10-10 12:18 . 2012-06-02 05:25 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-10-10 12:18 . 2012-06-02 04:45 139264 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-10-10 12:18 . 2012-06-02 04:45 1157632 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-10-10 12:18 . 2012-06-02 04:45 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-10-09 20:18 . 2012-10-09 20:18 -------- d-----w- c:\users\Corinna\AppData\Roaming\TuneUp Software
2012-10-09 20:17 . 2012-10-09 20:18 -------- d-----w- c:\programdata\TuneUp Software
2012-10-09 20:17 . 2012-10-09 20:17 -------- d-sh--w- c:\programdata\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
2012-10-09 20:17 . 2012-10-09 20:17 -------- d--h--w- c:\programdata\Common Files
2012-10-09 20:16 . 2012-10-09 20:16 -------- d-----w- c:\users\Corinna\AppData\Roaming\OpenCandy
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-11 07:19 . 2010-12-26 20:19 65309168 ----a-w- c:\windows\system32\MRT.exe
2012-08-24 11:15 . 2012-09-24 07:51 17810944 ----a-w- c:\windows\system32\mshtml.dll
2012-08-24 10:39 . 2012-09-24 07:51 10925568 ----a-w- c:\windows\system32\ieframe.dll
2012-08-24 10:31 . 2012-09-24 07:51 2312704 ----a-w- c:\windows\system32\jscript9.dll
2012-08-24 10:22 . 2012-09-24 07:51 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-08-24 10:21 . 2012-09-24 07:51 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-08-24 10:20 . 2012-09-24 07:51 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-24 10:18 . 2012-09-24 07:51 237056 ----a-w- c:\windows\system32\url.dll
2012-08-24 10:17 . 2012-09-24 07:51 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-08-24 10:14 . 2012-09-24 07:51 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-08-24 10:14 . 2012-09-24 07:51 816640 ----a-w- c:\windows\system32\jscript.dll
2012-08-24 10:13 . 2012-09-24 07:51 599040 ----a-w- c:\windows\system32\vbscript.dll
2012-08-24 10:12 . 2012-09-24 07:51 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-08-24 10:11 . 2012-09-24 07:51 729088 ----a-w- c:\windows\system32\msfeeds.dll
2012-08-24 10:10 . 2012-09-24 07:51 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-08-24 10:09 . 2012-09-24 07:51 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-08-24 10:04 . 2012-09-24 07:51 248320 ----a-w- c:\windows\system32\ieui.dll
2012-08-24 06:59 . 2012-09-24 07:51 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-08-24 06:51 . 2012-09-24 07:51 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-08-24 06:51 . 2012-09-24 07:51 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-08-24 06:47 . 2012-09-24 07:51 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-08-24 06:47 . 2012-09-24 07:51 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-08-24 06:43 . 2012-09-24 07:51 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-08-18 11:19 . 2012-10-10 12:20 44032 ----a-w- c:\windows\apppatch\acwow64.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
2011-05-09 08:49 176936 ----a-w- c:\program files (x86)\DVDVideoSoftTB\prxtbDVDV.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files (x86)\DVDVideoSoftTB\prxtbDVDV.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\users\Corinna\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\users\Corinna\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\users\Corinna\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-08-07 09:18 120104 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-08-22 39408]
"Remote Mouse"="c:\program files (x86)\Remote Mouse\RemoteMouse.exe" [2011-05-10 872448]
"TomTomHOME.exe"="c:\program files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" [2011-04-22 247728]
"Facebook Update"="c:\users\Corinna\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-11-03 138096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2009-08-21 261888]
"EgisTecLiveUpdate"="c:\program files (x86)\EgisTec Egis Software Update\EgisUpdate.exe" [2009-08-04 199464]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-02 98304]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2009-08-27 1194504]
"ArcadeDeluxeAgent"="c:\program files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2009-07-31 128296]
"PlayMovie"="c:\program files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2009-08-04 181480]
"SweetIM"="c:\program files (x86)\SweetIM\Messenger\SweetIM.exe" [2010-06-07 111928]
"iSaverCtrl"="c:\program files (x86)\iSaver\iSaverCtrl.exe" [2005-06-10 673792]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-03-01 421160]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
.
c:\users\Corinna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Corinna\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-7-25 26909544]
Facebook Messenger.lnk - c:\users\Corinna\AppData\Local\Facebook\Messenger\2.1.4651.0\FacebookMessenger.exe [2012-9-25 247728]
OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2011-9-2 227712]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e0200804]
Ime File REG_SZ SOGOUPY.IME
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 OpenSSHd;OpenSSH Server;c:\program files (x86)\OpenSSH\bin\cygrunsrv.exe [2004-04-18 36864]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 lvpepf64;Volume Adapter;c:\windows\system32\DRIVERS\lv302a64.sys [2008-07-26 15768]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2008-07-26 790424]
R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-06-18 50432]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-02-18 51712]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2011-03-26 1255736]
S0 SMR311;Symantec SMR Utility Service 3.1.1;c:\windows\System32\drivers\SMR311.SYS [2012-11-04 95392]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1309000.009\SYMDS64.SYS [2011-07-25 451192]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1309000.009\SYMEFA64.SYS [2012-05-22 1129120]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20121005.002\BHDrvx64.sys [2012-10-05 1385632]
S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1309000.009\ccSetx64.sys [2012-06-07 167072]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20121102.001\IDSvia64.sys [2012-09-01 513184]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [2009-06-03 22576]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [2009-06-03 20016]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [2009-06-03 60464]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1309000.009\Ironx64.SYS [2012-04-18 190072]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1309000.009\SYMNETS.SYS [2012-04-18 405624]
S2 aksdf;aksdf;c:\windows\system32\drivers\aksdf.sys [2010-09-27 75648]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-07-02 203264]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2009-08-05 844320]
S2 Greg_Service;GRegService;c:\program files (x86)\Acer\Registration\GregHSRW.exe [2009-06-04 1150496]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [2009-08-07 311592]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe [2012-06-16 138272]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2009-08-21 62720]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-06-18 144640]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2011-04-22 92592]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2009-07-04 240160]
S2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2010-10-21 592120]
S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys [2009-02-13 292864]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-08-09 138912]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2009-06-20 317480]
S3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\drivers\LVUSBS64.sys [2008-07-26 50072]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-06-05 216064]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-04-03 34872]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 85261189
*NewlyCreated* - ASWMBR
*NewlyCreated* - SMR311
*Deregistered* - 85261189
*Deregistered* - aswMBR
.
Inhalt des "geplante Tasks" Ordners
.
2012-11-04 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-67456332-1326641572-1651238357-1000Core.job
- c:\users\Corinna\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-11-03 10:28]
.
2012-11-04 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-67456332-1326641572-1651238357-1000UA.job
- c:\users\Corinna\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-11-03 10:28]
.
2012-11-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-16 22:02]
.
2012-11-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-16 22:02]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 97792 ----a-w- c:\users\Corinna\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 97792 ----a-w- c:\users\Corinna\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 97792 ----a-w- c:\users\Corinna\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 97792 ----a-w- c:\users\Corinna\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-08-07 09:19 137512 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x64\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"mwlDaemon"="c:\program files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe" [2009-08-07 349480]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-08-06 8060960]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2009-05-22 295936]
"PLFSetI"="c:\windows\PLFSetI.exe" [2009-09-18 200704]
"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2009-08-05 828960]
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=942c2072-03f9-467e-bc37-b926e3f1d3c7&searchtype=hp&exp=true
uLocal Page = c:\windows\system32\blank.htm
mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5542&r=27360110v806l0308z145t4781y60s
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5542&r=27360110v806l0308z145t4781y60s
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=942c2072-03f9-467e-bc37-b926e3f1d3c7&searchtype=ds&q={searchTerms}
IE: An OneNote s&enden - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
IE: Free YouTube Download - c:\users\Corinna\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to Mp3 Converter - c:\users\Corinna\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 - vpnweb.cab
FF - ProfilePath - c:\users\Corinna\AppData\Roaming\Mozilla\Firefox\Profiles\caot7npx.default\
FF - prefs.js: browser.search.defaulturl - hxxp://plasmoo.com/index.htm?SearchMashine=true&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=942c2072-03f9-467e-bc37-b926e3f1d3c7&searchtype=hp
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&q=
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
SafeBoot-mcmscsvc
SafeBoot-MCODS
Toolbar-Locked - (no file)
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
WebBrowser-{872B5B88-9DB5-4310-BDD0-AC189557E5F5} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\19.9.0.9\diMaster.dll\" /prefetch:1"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10b.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10b.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]
@Denied: (A 2) (Everyone)
@="IFlashBroker2"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
"Key"="ActionsPane3"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-11-04 17:17:53
ComboFix-quarantined-files.txt 2012-11-04 16:17
.
Vor Suchlauf: 13 Verzeichnis(se), 383.171.264.512 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 387.414.151.168 Bytes frei
.
- - End Of File - - F070537673960697E8FDE7E1F01E5EBD
Die Liste, die du noch sehen wolltest: Code:
ATTFilter ??????? 6.1???
??QQ2011
Acer Arcade Deluxe
Acer Backup Manager
Acer Crystal Eye webcam Ver:1.1.74.216
Acer ePower Management
Acer eRecovery Management
Acer GameZone Console
Acer GridVista
Acer Registration
Acer ScreenSaver
Acer Updater
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader X (10.1.4) - Deutsch
Alice Greenfingers
Amazonia
AMD USB Filter Driver
Apple Application Support
Apple Software Update
Ashampoo Burning Studio Elements 10.0.9
Backup Manager Basic
Bus-Simulator 2009
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CDU.de Bildschirmschoner
Chicken Invaders 2
Cisco AnyConnect VPN Client
Compatibility Pack für 2007 Office System
Dairy Dash
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Derive 6
Dev-C++ 5 beta 9 release (4.9.9.2)
Die Sims 2: Family Fun - Accessoires
Die Sims 2: Open For Business
Die Sims 2: Wilde Campus-Jahre
Die Sims™ 2 Apartment-Leben
Die Sims™ 2 Deluxe
Die Sims™ 2 Gute Reise
Die Sims™ 2 Haustiere
Die Sims™ 2 Vier Jahreszeiten
Dream Day First Home
Dropbox
DVDVideoSoftTB Toolbar
eBay Worldwide
eSobi v2
Facebook Messenger 2.1.4651.0
Farm Frenzy 2
Free Audio CD Burner version 1.4.8
Free YouTube Download 3 version 3.0.6.715
Free YouTube to MP3 Converter version 3.11.33.1005
Google Earth Plug-in
Google Toolbar for Internet Explorer
Google Update Helper
GPL Ghostscript 8.63
Granny In Paradise
GSview 4.9
Heroes of Hellas
ICQ7.2
Identity Card
IrfanView (remove only)
Java Auto Updater
Java(TM) 6 Update 26
Launch Manager
Merriam Websters Spell Jam
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (German) 2007
Microsoft Office Access MUI (German) 2010
Microsoft Office Excel MUI (German) 2007
Microsoft Office Excel MUI (German) 2010
Microsoft Office Groove MUI (German) 2007
Microsoft Office Home and Student 2010
Microsoft Office InfoPath MUI (German) 2007
Microsoft Office Language Pack 2007 - German/Deutsch
Microsoft Office O MUI (German) 2007
Microsoft Office OneNote MUI (German) 2007
Microsoft Office OneNote MUI (German) 2010
Microsoft Office Outlook MUI (German) 2007
Microsoft Office Outlook MUI (German) 2010
Microsoft Office PowerPoint MUI (German) 2007
Microsoft Office PowerPoint MUI (German) 2010
Microsoft Office PowerPoint Viewer 2007 (German)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2007
Microsoft Office Proof (French) 2010
Microsoft Office Proof (German) 2007
Microsoft Office Proof (German) 2010
Microsoft Office Proof (Italian) 2007
Microsoft Office Proof (Italian) 2010
Microsoft Office Proofing (German) 2007
Microsoft Office Proofing (German) 2010
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (German) 2007
Microsoft Office Publisher MUI (German) 2010
Microsoft Office Shared MUI (German) 2007
Microsoft Office Shared MUI (German) 2010
Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3)
Microsoft Office SharePoint Designer MUI (German) 2007
Microsoft Office Single Image 2010
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (German) 2007
Microsoft Office Word MUI (German) 2010
Microsoft Office X MUI (German) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
MiKTeX 2.7
Mozilla Firefox 16.0.2 (x86 de)
Mozilla Maintenance Service
Mozilla Thunderbird (3.1.11)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MyWinLocker
Norton Internet Security
NTI Backup Now 5
NTI Backup Now Standard
NTI Media Maker 8
Ontrack EasyRecovery DataRecovery Trial
OpenSSH for Windows (remove only)
PDF Blender
pdfsam
QuickTime
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Remote Mouse version 1.09
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2518870)
Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553260) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589322) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition
Security Update for Microsoft Word 2010 (KB2553488) 32-Bit Edition
Skype Toolbars
Skype™ 5.10
Star Defender 4
SweetIM for Messenger 3.2
Tar-1.13 Binaries (GnuWin32)
TeXnicCenter Version 1.0 Stable RC1
Tinn-R 2.3.7.1
TomTom HOME 2.8.2.2264
TomTom HOME Visual Studio Merge Modules
Tuned!
Uninstall 1.0.0.1
Update für Microsoft Office Excel 2007 Help (KB963678)
Update für Microsoft Office Outlook 2007 Help (KB963677)
Update für Microsoft Office Powerpoint 2007 Help (KB963669)
Update für Microsoft Office Word 2007 Help (KB963665)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553272) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598289) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Welcome Center
Windows Live-Uploadtool
Windows Live Sync
WinRAR
WinShell
|
|
04.11.2012, 17:34
| #8 |
| /// TB-Ausbilder | Ungewünschte Emails an Kontakte werden verschickt Ja, gut, danke. Schritt 1: AdwCleaner: Werbeprogramme suchen und löschen Schritt 2: Customscan mit OTL
__________________ Digitale Freibeuter gegen Malware! Keine Hilfe per PM! |
|
04.11.2012, 18:11
| #9 |
| | Ungewünschte Emails an Kontakte werden verschickt Zum ersten Schritt: Code:
ATTFilter # AdwCleaner v2.006 - Datei am 04/11/2012 um 17:58:10 erstellt
# Aktualisiert am 30/10/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium (64 bits)
# Benutzer : Corinna - CORINNA-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Corinna\Desktop\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
Datei Gelöscht : C:\Users\Corinna\AppData\Roaming\Mozilla\Firefox\Profiles\caot7npx.default\searchplugins\Conduit.xml
Datei Gelöscht : C:\Users\Corinna\AppData\Roaming\Mozilla\Firefox\Profiles\caot7npx.default\searchplugins\icqplugin.xml
Datei Gelöscht : C:\Users\Corinna\AppData\Roaming\Mozilla\Firefox\Profiles\caot7npx.default\searchplugins\icqplugin-1.xml
Datei Gelöscht : C:\Users\Corinna\AppData\Roaming\Mozilla\Firefox\Profiles\caot7npx.default\searchplugins\icqplugin-2.xml
Datei Gelöscht : C:\Users\Corinna\AppData\Roaming\Mozilla\Firefox\Profiles\caot7npx.default\searchplugins\icqplugin-3.xml
Datei Gelöscht : C:\Users\Corinna\AppData\Roaming\Mozilla\Firefox\Profiles\caot7npx.default\searchplugins\SweetIm.xml
Datei Gelöscht : C:\Users\Corinna\AppData\Roaming\Mozilla\Firefox\Profiles\caot7npx.default\searchplugins\Web Search.xml
Ordner Gelöscht : C:\Program Files (x86)\Conduit
Ordner Gelöscht : C:\Program Files (x86)\DVDVideoSoftTB
Ordner Gelöscht : C:\Program Files (x86)\ICQ6Toolbar
Ordner Gelöscht : C:\Program Files (x86)\SweetIM
Ordner Gelöscht : C:\ProgramData\ICQ\ICQToolbar
Ordner Gelöscht : C:\ProgramData\Partner
Ordner Gelöscht : C:\ProgramData\SweetIM
Ordner Gelöscht : C:\Users\Corinna\AppData\Local\Conduit
Ordner Gelöscht : C:\Users\Corinna\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\Corinna\AppData\LocalLow\DVDVideoSoftTB
Ordner Gelöscht : C:\Users\Corinna\AppData\LocalLow\PriceGong
Ordner Gelöscht : C:\Users\Corinna\AppData\Roaming\Mozilla\Firefox\Profiles\caot7npx.default\Conduit
Ordner Gelöscht : C:\Users\Corinna\AppData\Roaming\Mozilla\Firefox\Profiles\caot7npx.default\ConduitCommon
Ordner Gelöscht : C:\Users\Corinna\AppData\Roaming\Mozilla\Firefox\Profiles\caot7npx.default\CT2269050
Ordner Gelöscht : C:\Users\Corinna\AppData\Roaming\Mozilla\Firefox\Profiles\caot7npx.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
Ordner Gelöscht : C:\Users\Corinna\AppData\Roaming\Mozilla\Firefox\Profiles\caot7npx.default\SweetIMToolbarData
Ordner Gelöscht : C:\Users\Corinna\AppData\Roaming\OpenCandy
***** [Registrierungsdatenbank] *****
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Toolbar
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2269050
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4D3B167E-5FD8-4276-8FD7-9DF19C1E4D19}
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\Software\DVDVideoSoftTB
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\SweetIM.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3F69D07-0AEE-47AF-87D0-1A67D4F70C68}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{82AC53B4-164C-4B07-A016-437A8388B81A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A4A0CB15-8465-4F58-A7E5-73084EA2A064}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D3F69D07-0AEE-47AF-87D0-1A67D4F70C68}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A439801C-961D-452C-AB42-7848E9CBD289}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F4EBB1E2-21F3-4786-8CF4-16EC5925867F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8C166656-AF51-4807-BEE5-0D331767F2D8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D4AE723C-CC03-4CF2-BA43-B9E4AAB8B7F5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{08ED8855-4C2E-429B-A878-F129E1F624FA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DVDVideoSoftTB Toolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EEE6C35B-6118-11DC-9C72-001320C79847}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [SweetIM]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
***** [Internet Browser] *****
-\\ Internet Explorer v9.0.8112.16421
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=942c2072-03f9-467e-bc37-b926e3f1d3c7&searchtype=hp&exp=true --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - ICQ Search] = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Search - Default_Search_URL] = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=942c2072-03f9-467e-bc37-b926e3f1d3c7&searchtype=ds&q={searchTerms} --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=942c2072-03f9-467e-bc37-b926e3f1d3c7&searchtype=ds&q={searchTerms} --> hxxp://www.google.com
-\\ Mozilla Firefox v16.0.2 (de)
Profilname : default
Datei : C:\Users\Corinna\AppData\Roaming\Mozilla\Firefox\Profiles\caot7npx.default\prefs.js
C:\Users\Corinna\AppData\Roaming\Mozilla\Firefox\Profiles\caot7npx.default\user.js ... Gelöscht !
Gelöscht : user_pref("CT2269050..clientLogIsEnabled", true);
Gelöscht : user_pref("CT2269050..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Gelöscht : user_pref("CT2269050..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Gelöscht : user_pref("CT2269050.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Gelöscht : user_pref("CT2269050.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Gelöscht : user_pref("CT2269050.BrowserCompStateIsOpen_129681780741097243", true);
Gelöscht : user_pref("CT2269050.BrowserCompStateIsOpen_129853623028165512", true);
Gelöscht : user_pref("CT2269050.BrowserCompStateIsOpen_129881141106886992", true);
Gelöscht : user_pref("CT2269050.CTID", "CT2269050");
Gelöscht : user_pref("CT2269050.CurrentServerDate", "4-11-2012");
Gelöscht : user_pref("CT2269050.DialogsAlignMode", "LTR");
Gelöscht : user_pref("CT2269050.DialogsGetterLastCheckTime", "Sat Nov 03 2012 10:43:52 GMT+0100");
Gelöscht : user_pref("CT2269050.DownloadReferralCookieData", "");
Gelöscht : user_pref("CT2269050.EMailNotifierPollDate", "Fri Nov 19 2010 21:48:49 GMT+0100");
Gelöscht : user_pref("CT2269050.FirstServerDate", "2-10-2010");
Gelöscht : user_pref("CT2269050.FirstTime", true);
Gelöscht : user_pref("CT2269050.FirstTimeFF3", true);
Gelöscht : user_pref("CT2269050.FirstTimeSettingsDone", true);
Gelöscht : user_pref("CT2269050.FixPageNotFoundErrors", true);
Gelöscht : user_pref("CT2269050.GroupingServerCheckInterval", 1440);
Gelöscht : user_pref("CT2269050.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Gelöscht : user_pref("CT2269050.HasUserGlobalKeys", true);
Gelöscht : user_pref("CT2269050.Initialize", true);
Gelöscht : user_pref("CT2269050.InitializeCommonPrefs", true);
Gelöscht : user_pref("CT2269050.InstallationAndCookieDataSentCount", 3);
Gelöscht : user_pref("CT2269050.InstallationType", "UnknownIntegration");
Gelöscht : user_pref("CT2269050.InstalledDate", "Sat Oct 02 2010 20:42:27 GMT+0200");
Gelöscht : user_pref("CT2269050.InvalidateCache", false);
Gelöscht : user_pref("CT2269050.IsGrouping", false);
Gelöscht : user_pref("CT2269050.IsMulticommunity", false);
Gelöscht : user_pref("CT2269050.IsOpenThankYouPage", false);
Gelöscht : user_pref("CT2269050.IsOpenUninstallPage", false);
Gelöscht : user_pref("CT2269050.LanguagePackLastCheckTime", "Sat Nov 03 2012 17:21:19 GMT+0100");
Gelöscht : user_pref("CT2269050.LanguagePackReloadIntervalMM", 1440);
Gelöscht : user_pref("CT2269050.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Gelöscht : user_pref("CT2269050.LastLogin_2.7.2.0", "Fri Nov 19 2010 23:48:17 GMT+0100");
Gelöscht : user_pref("CT2269050.LastLogin_3.12.0.7", "Thu Apr 26 2012 23:04:12 GMT+0200");
Gelöscht : user_pref("CT2269050.LastLogin_3.12.2.3", "Mon May 28 2012 23:19:01 GMT+0200");
Gelöscht : user_pref("CT2269050.LastLogin_3.13.0.6", "Sun Jul 01 2012 21:27:43 GMT+0200");
Gelöscht : user_pref("CT2269050.LastLogin_3.14.1.0", "Tue Aug 21 2012 21:08:08 GMT+0200");
Gelöscht : user_pref("CT2269050.LastLogin_3.15.1.0", "Sun Nov 04 2012 17:18:20 GMT+0100");
Gelöscht : user_pref("CT2269050.LatestVersion", "3.15.1.0");
Gelöscht : user_pref("CT2269050.Locale", "en");
Gelöscht : user_pref("CT2269050.LoginCache", 4);
Gelöscht : user_pref("CT2269050.MCDetectTooltipHeight", "83");
Gelöscht : user_pref("CT2269050.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Gelöscht : user_pref("CT2269050.MCDetectTooltipWidth", "295");
Gelöscht : user_pref("CT2269050.MyStuffEnabledAtInstallation", true);
Gelöscht : user_pref("CT2269050.RadioIsPodcast", false);
Gelöscht : user_pref("CT2269050.RadioLastCheckTime", "Fri Nov 19 2010 20:48:37 GMT+0100");
Gelöscht : user_pref("CT2269050.RadioLastUpdateIPServer", "3");
Gelöscht : user_pref("CT2269050.RadioLastUpdateServer", "129132338014870000");
Gelöscht : user_pref("CT2269050.RadioMediaID", "12473383");
Gelöscht : user_pref("CT2269050.RadioMediaType", "Media Player");
Gelöscht : user_pref("CT2269050.RadioMenuSelectedID", "EBRadioMenu_CT226905012473383");
Gelöscht : user_pref("CT2269050.RadioStationName", "Hotmix%20108");
Gelöscht : user_pref("CT2269050.RadioStationURL", "hxxp://67.202.67.18:8082");
Gelöscht : user_pref("CT2269050.SavedHomepage", "hxxp://www.google.de/");
Gelöscht : user_pref("CT2269050.SearchEngine", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TER[...]
Gelöscht : user_pref("CT2269050.SearchFromAddressBarIsInit", true);
Gelöscht : user_pref("CT2269050.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT226[...]
Gelöscht : user_pref("CT2269050.SearchInNewTabEnabled", true);
Gelöscht : user_pref("CT2269050.SearchInNewTabIntervalMM", 1440);
Gelöscht : user_pref("CT2269050.SearchInNewTabLastCheckTime", "Sun Nov 04 2012 17:18:20 GMT+0100");
Gelöscht : user_pref("CT2269050.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Gelöscht : user_pref("CT2269050.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]
Gelöscht : user_pref("CT2269050.ServiceMapLastCheckTime", "Sun Nov 04 2012 17:18:20 GMT+0100");
Gelöscht : user_pref("CT2269050.SettingsCheckIntervalMin", 120);
Gelöscht : user_pref("CT2269050.SettingsLastCheckTime", "Sun Nov 04 2012 17:18:19 GMT+0100");
Gelöscht : user_pref("CT2269050.SettingsLastUpdate", "1351258177");
Gelöscht : user_pref("CT2269050.ThirdPartyComponentsInterval", 504);
Gelöscht : user_pref("CT2269050.ThirdPartyComponentsLastCheck", "Sun Nov 14 2010 16:49:28 GMT+0100");
Gelöscht : user_pref("CT2269050.ThirdPartyComponentsLastUpdate", "1246790578");
Gelöscht : user_pref("CT2269050.ToolbarShrinkedFromSetup", false);
Gelöscht : user_pref("CT2269050.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2269050");
Gelöscht : user_pref("CT2269050.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Gelöscht : user_pref("CT2269050.UserID", "UN06880678311128907");
Gelöscht : user_pref("CT2269050.ValidationData_Toolbar", 2);
Gelöscht : user_pref("CT2269050.WeatherNetwork", "");
Gelöscht : user_pref("CT2269050.WeatherPollDate", "Fri Nov 19 2010 21:48:49 GMT+0100");
Gelöscht : user_pref("CT2269050.WeatherUnit", "C");
Gelöscht : user_pref("CT2269050.alertChannelId", "666138");
Gelöscht : user_pref("CT2269050.autoDisableScopes", -1);
Gelöscht : user_pref("CT2269050.clientLogIsEnabled", true);
Gelöscht : user_pref("CT2269050.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asm[...]
Gelöscht : user_pref("CT2269050.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Gelöscht : user_pref("CT2269050.homepageProtectorEnableByLogin", true);
Gelöscht : user_pref("CT2269050.initDone", true);
Gelöscht : user_pref("CT2269050.myStuffEnabled", true);
Gelöscht : user_pref("CT2269050.myStuffPublihserMinWidth", 400);
Gelöscht : user_pref("CT2269050.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Gelöscht : user_pref("CT2269050.myStuffServiceIntervalMM", 1440);
Gelöscht : user_pref("CT2269050.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Gelöscht : user_pref("CT2269050.revertSettingsEnabled", true);
Gelöscht : user_pref("CT2269050.searchProtectorDialogDelayInSec", 10);
Gelöscht : user_pref("CT2269050.searchProtectorEnableByLogin", true);
Gelöscht : user_pref("CT2269050.testingCtid", "");
Gelöscht : user_pref("CT2269050.toolbarAppMetaDataLastCheckTime", "Sun Nov 04 2012 17:18:20 GMT+0100");
Gelöscht : user_pref("CT2269050.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Reg[...]
Gelöscht : user_pref("CT2269050.usagesFlag", 2);
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2269050/CT2269050[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2269050", [...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.3[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.14[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.15[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2269050",[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "63[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"d63[...]
Gelöscht : user_pref("CommunityToolbar.EngineOwner", "");
Gelöscht : user_pref("CommunityToolbar.EngineOwnerGuid", "");
Gelöscht : user_pref("CommunityToolbar.EngineOwnerToolbarId", "");
Gelöscht : user_pref("CommunityToolbar.IsEngineShown", true);
Gelöscht : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
Gelöscht : user_pref("CommunityToolbar.OriginalEngineOwner", "");
Gelöscht : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "");
Gelöscht : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "");
Gelöscht : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://plasmoo.com/index.htm?SearchMashi[...]
Gelöscht : user_pref("CommunityToolbar.ToolbarsList", "CT2269050");
Gelöscht : user_pref("CommunityToolbar.ToolbarsList2", "CT2269050");
Gelöscht : user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Sat Jun 11 2011 17:17:45 GMT+02[...]
Gelöscht : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Gelöscht : user_pref("CommunityToolbar.alert.locale", "en");
Gelöscht : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Gelöscht : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Sat Jun 11 2011 17:17:42 GMT+0200");
Gelöscht : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1305622559");
Gelöscht : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Gelöscht : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Gelöscht : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Gelöscht : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Gelöscht : user_pref("CommunityToolbar.alert.userId", "20d74d17-655b-4fe5-a251-d4159edc9143");
Gelöscht : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Fri Nov 19 2010 23:00:40 GMT+0100");
Gelöscht : user_pref("CommunityToolbar.globalUserId", "1186ba80-c2ce-4d1b-9abf-b4a24364e83a");
Gelöscht : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Gelöscht : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Gelöscht : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2269050");
Gelöscht : user_pref("browser.startup.homepage", "hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpe[...]
Gelöscht : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&q=");
Gelöscht : user_pref("plasmoo.search.engine.prevkeywordurl", "hxxp://search.icq.com/search/afe_results.php?ch_i[...]
Gelöscht : user_pref("plasmoo.search.engine.prevsearchdefaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?c[...]
Gelöscht : user_pref("sweetim.toolbar.highlight.colors", "#FFFF00,#00FFE4,#5AFF00,#0087FF,#FFCC00,#FF00F0");
Gelöscht : user_pref("sweetim.toolbar.logger.ConsoleHandler.MinReportLevel", "7");
Gelöscht : user_pref("sweetim.toolbar.logger.FileHandler.FileName", "ff-toolbar.log");
Gelöscht : user_pref("sweetim.toolbar.logger.FileHandler.MaxFileSize", "200000");
Gelöscht : user_pref("sweetim.toolbar.logger.FileHandler.MinReportLevel", "7");
Gelöscht : user_pref("sweetim.toolbar.mode.debug", "false");
Gelöscht : user_pref("sweetim.toolbar.previous.keyword.URL", "hxxp://search.icq.com/search/afe_results.php?ch_i[...]
Gelöscht : user_pref("sweetim.toolbar.search.external", "<?xml version=\"1.0\"?><TOOLBAR><EXTERNAL_SEARCH engin[...]
Gelöscht : user_pref("sweetim.toolbar.search.history", "deutsch%20chinesisches%20baby,deutsche%20wele,hisqis%20[...]
Gelöscht : user_pref("sweetim.toolbar.search.history.capacity", "10");
Gelöscht : user_pref("sweetim.toolbar.searchguard.enable", "true");
Gelöscht : user_pref("sweetim.toolbar.simapp_id", "{46C51824-9AF2-4807-8FEE-59D7DC609693}");
Gelöscht : user_pref("sweetim.toolbar.version", "1.2.0.2");
*************************
AdwCleaner[S1].txt - [20796 octets] - [04/11/2012 17:58:10]
########## EOF - C:\AdwCleaner[S1].txt - [20857 octets] ##########
|
|
04.11.2012, 18:46
| #10 |
| | Ungewünschte Emails an Kontakte werden verschickt Ergebnisse aus dem OTL Quick Scan: OTL Logfile: Code:
ATTFilter OTL logfile created on: 04.11.2012 18:19:35 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Corinna\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
4,00 Gb Total Physical Memory | 2,68 Gb Available Physical Memory | 66,96% Memory free
7,99 Gb Paging File | 6,60 Gb Available in Paging File | 82,61% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 453,94 Gb Total Space | 361,19 Gb Free Space | 79,57% Space Free | Partition Type: NTFS
Drive F: | 1,90 Gb Total Space | 1,67 Gb Free Space | 87,65% Space Free | Partition Type: FAT
Computer Name: CORINNA-PC | User Name: Corinna | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012.11.04 18:08:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Corinna\Desktop\OTL(1).exe
PRC - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.07.25 03:08:10 | 026,909,544 | ---- | M] (Dropbox, Inc.) -- C:\Users\Corinna\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012.06.16 03:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe
PRC - [2011.04.22 13:21:10 | 000,247,728 | ---- | M] (TomTom) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
PRC - [2011.04.22 13:21:10 | 000,092,592 | ---- | M] (TomTom) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2010.10.21 19:33:56 | 000,592,120 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
PRC - [2009.09.18 17:02:37 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe
PRC - [2009.08.27 21:48:32 | 001,194,504 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2009.08.21 01:25:56 | 000,261,888 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
PRC - [2009.08.21 01:25:50 | 000,062,720 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
PRC - [2009.08.07 10:18:54 | 000,311,592 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe
PRC - [2009.08.07 10:18:42 | 000,349,480 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
PRC - [2009.08.04 22:09:34 | 000,199,464 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe
PRC - [2009.08.04 20:45:00 | 000,181,480 | ---- | M] (Acer Corp.) -- C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe
PRC - [2009.07.31 16:29:12 | 000,128,296 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
PRC - [2009.07.04 02:47:12 | 000,240,160 | ---- | M] (Acer) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe
PRC - [2009.06.04 14:04:50 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
========== Modules (No Company Name) ==========
MOD - [2011.02.06 10:32:14 | 000,067,872 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2009.09.18 17:02:37 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe
MOD - [2009.02.03 01:33:56 | 000,460,199 | ---- | M] () -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll
========== Services (SafeList) ==========
SRV:64bit: - [2009.07.02 19:16:06 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2012.10.27 16:48:30 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.07.13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.06.16 03:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe -- (NIS)
SRV - [2011.04.22 13:21:10 | 000,092,592 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2010.10.21 19:33:56 | 000,592,120 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.09 20:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.08.21 01:25:50 | 000,062,720 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2009.08.07 10:18:54 | 000,311,592 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe -- (MWLService)
SRV - [2009.08.05 20:30:58 | 000,844,320 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
SRV - [2009.07.04 02:47:12 | 000,240,160 | ---- | M] (Acer) [Auto | Running] -- C:\Programme\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.06.10 22:15:04 | 000,436,736 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\XAudio64.dll -- (HsfXAudioService)
SRV - [2009.06.04 14:04:50 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe -- (Greg_Service)
SRV - [2004.04.18 12:11:14 | 000,036,864 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\OpenSSH\bin\cygrunsrv.exe -- (OpenSSHd)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2012.07.06 03:17:58 | 000,037,536 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1309000.009\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2012.07.06 03:17:57 | 000,737,952 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1309000.009\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2012.06.07 05:43:38 | 000,167,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1309000.009\ccsetx64.sys -- (ccSet_NIS)
DRV:64bit: - [2012.05.22 02:37:12 | 001,129,120 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1309000.009\symefa64.sys -- (SymEFA)
DRV:64bit: - [2012.04.18 03:13:32 | 000,405,624 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1309000.009\symnets.sys -- (SymNetS)
DRV:64bit: - [2012.04.18 02:42:14 | 000,190,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1309000.009\ironx64.sys -- (SymIRON)
DRV:64bit: - [2012.03.27 07:04:32 | 000,175,736 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2012.03.01 07:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.07.25 19:18:36 | 000,451,192 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1309000.009\symds64.sys -- (SymDS)
DRV:64bit: - [2011.02.18 15:36:58 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010.10.21 19:20:39 | 000,022,752 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpnva64.sys -- (vpnva)
DRV:64bit: - [2010.09.27 16:42:06 | 000,075,648 | ---- | M] (SafeNet Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aksdf.sys -- (aksdf)
DRV:64bit: - [2010.09.27 16:42:04 | 000,053,760 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\akshasp.sys -- (akshasp)
DRV:64bit: - [2010.09.27 16:42:02 | 000,318,464 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hardlock.sys -- (hardlock)
DRV:64bit: - [2010.09.27 16:42:00 | 000,025,344 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\aksusb.sys -- (aksusb)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.09 02:49:16 | 001,484,800 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009.07.02 19:51:30 | 006,036,480 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009.06.20 12:35:00 | 000,317,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a)
DRV:64bit: - [2009.06.20 03:09:57 | 000,054,272 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L1E62x64.sys -- (L1E)
DRV:64bit: - [2009.06.10 22:15:04 | 000,017,024 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV:64bit: - [2009.06.10 22:15:04 | 000,010,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\XAudio64.sys -- (XAudio)
DRV:64bit: - [2009.06.10 22:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009.06.10 22:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009.06.10 22:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009.06.10 21:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009.06.10 21:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.06.05 11:20:26 | 000,114,192 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009.06.05 01:46:50 | 000,216,064 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009.06.03 04:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:64bit: - [2009.06.03 04:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:64bit: - [2009.06.03 04:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV:64bit: - [2009.05.25 04:57:42 | 000,243,760 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2009.05.18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009.05.06 01:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2009.05.06 01:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2009.05.05 06:30:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie)
DRV:64bit: - [2009.04.28 15:03:42 | 000,067,128 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009.04.28 15:03:42 | 000,028,216 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009.04.03 05:39:58 | 000,034,872 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009.02.13 07:24:56 | 001,485,824 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_DPV.sys -- (HSF_DPV)
DRV:64bit: - [2009.02.13 07:20:56 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAXHWAZL.sys -- (CAXHWAZL)
DRV:64bit: - [2009.02.13 07:19:34 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_CNXT.sys -- (winachsf)
DRV:64bit: - [2008.07.26 14:26:34 | 000,050,072 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LVUSBS64.sys -- (LVUSBS64)
DRV:64bit: - [2008.07.26 14:25:48 | 000,790,424 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2008.07.26 14:22:34 | 002,624,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LV302V64.SYS -- (PID_PEPI)
DRV:64bit: - [2008.07.26 14:22:22 | 000,015,768 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lv302a64.sys -- (lvpepf64)
DRV - [2012.11.04 11:03:29 | 002,084,000 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20121103.005\ex64.sys -- (NAVEX15)
DRV - [2012.11.04 11:03:29 | 000,126,112 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20121103.005\eng64.sys -- (NAVENG)
DRV - [2012.10.05 19:23:26 | 001,385,632 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20121005.002\BHDrvx64.sys -- (BHDrvx64)
DRV - [2012.09.01 01:27:23 | 000,513,184 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20121102.001\IDSviA64.sys -- (IDSVia64)
DRV - [2012.08.09 11:42:56 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012.08.09 10:39:08 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5542&r=27360110v806l0308z145t4781y60s
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5542&r=27360110v806l0308z145t4781y60s
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5542&r=27360110v806l0308z145t4781y60s
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-67456332-1326641572-1651238357-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-67456332-1326641572-1651238357-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com
IE - HKU\S-1-5-21-67456332-1326641572-1651238357-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com
IE - HKU\S-1-5-21-67456332-1326641572-1651238357-1000\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKU\S-1-5-21-67456332-1326641572-1651238357-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-67456332-1326641572-1651238357-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE360
IE - HKU\S-1-5-21-67456332-1326641572-1651238357-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-67456332-1326641572-1651238357-1000\..\SearchScopes\{7E78B92B-CEBA-4564-AC1E-4FD8766387CF}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
IE - HKU\S-1-5-21-67456332-1326641572-1651238357-1000\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = hxxp://int.search-results.com/web?q={SEARCHTERMS}&o=15527&l=dis&prt=NIS&chn=retail&geo=DE&ver=18
IE - HKU\S-1-5-21-67456332-1326641572-1651238357-1000\..\SearchScopes\Plasmoo: "URL" = hxxp://plasmoo.com/index.htm?SearchMashine=true&q={searchTerms}
IE - HKU\S-1-5-21-67456332-1326641572-1651238357-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-67456332-1326641572-1651238357-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Plasmoo"
FF - prefs.js..browser.search.defaulturl: "hxxp://plasmoo.com/index.htm?SearchMashine=true&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: engine@plasmoo.com:1.0.0.32
FF - prefs.js..extensions.enabledAddons: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.4.5
FF - prefs.js..extensions.enabledAddons: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.10
FF - prefs.js..extensions.enabledAddons: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.5.1.20121012015120
FF - prefs.js..extensions.enabledItems: helperbar@helperbar.com:1.0
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:2.0.0.4
FF - prefs.js..extensions.enabledItems: {EEE6C361-6118-11DC-9C72-001320C79847}:1.0.0.10
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.2.0
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: toolbar@web.de:1.4.1
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:5.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.8.20100713041928
FF - prefs.js..extensions.enabledItems: engine@plasmoo.com:1.0.0.32
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@qq.com/npqscall,version=1.0.0: %commonprogramfiles%\tencent\NPQSCALL\npqscall.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\facebook.com/fbDesktopPlugin: C:\Users\Corinna\AppData\Local\Facebook\Messenger\2.1.4651.0\npFbDesktopPlugin.dll (Facebook, Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\IPSFFPlgn\ [2012.02.05 14:08:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\coFFPlgn\ [2012.11.04 18:02:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.27 16:48:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.10.27 16:48:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.11\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.04.25 22:28:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.11\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.27 16:48:30 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.10.27 16:48:25 | 000,000,000 | ---D | M]
[2011.09.13 00:03:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Corinna\AppData\Roaming\mozilla\Extensions
[2011.03.02 00:18:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Corinna\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011.09.13 00:03:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Corinna\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2012.11.04 17:58:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Corinna\AppData\Roaming\mozilla\Firefox\Profiles\caot7npx.default\extensions
[2012.10.17 10:42:55 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Corinna\AppData\Roaming\mozilla\Firefox\Profiles\caot7npx.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011.12.12 17:57:46 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Corinna\AppData\Roaming\mozilla\Firefox\Profiles\caot7npx.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.05.07 23:13:10 | 000,000,000 | ---D | M] (Plasmoo Search Engine) -- C:\Users\Corinna\AppData\Roaming\mozilla\Firefox\Profiles\caot7npx.default\extensions\engine@plasmoo.com
[2012.04.07 00:49:25 | 000,685,019 | ---- | M] () (No name found) -- C:\Users\Corinna\AppData\Roaming\mozilla\firefox\profiles\caot7npx.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}.xpi
[2011.04.12 19:49:26 | 000,000,950 | ---- | M] () -- C:\Users\Corinna\AppData\Roaming\mozilla\firefox\profiles\caot7npx.default\searchplugins\icqplugin-10.xml
[2011.04.12 19:58:42 | 000,000,950 | ---- | M] () -- C:\Users\Corinna\AppData\Roaming\mozilla\firefox\profiles\caot7npx.default\searchplugins\icqplugin-11.xml
[2011.06.08 20:52:51 | 000,000,950 | ---- | M] () -- C:\Users\Corinna\AppData\Roaming\mozilla\firefox\profiles\caot7npx.default\searchplugins\icqplugin-12.xml
[2011.06.11 20:35:29 | 000,000,950 | ---- | M] () -- C:\Users\Corinna\AppData\Roaming\mozilla\firefox\profiles\caot7npx.default\searchplugins\icqplugin-13.xml
[2011.06.23 19:14:04 | 000,000,950 | ---- | M] () -- C:\Users\Corinna\AppData\Roaming\mozilla\firefox\profiles\caot7npx.default\searchplugins\icqplugin-14.xml
[2011.06.30 13:02:29 | 000,000,950 | ---- | M] () -- C:\Users\Corinna\AppData\Roaming\mozilla\firefox\profiles\caot7npx.default\searchplugins\icqplugin-15.xml
[2011.07.04 19:47:34 | 000,000,950 | ---- | M] () -- C:\Users\Corinna\AppData\Roaming\mozilla\firefox\profiles\caot7npx.default\searchplugins\icqplugin-16.xml
[2011.08.17 18:00:52 | 000,000,950 | ---- | M] () -- C:\Users\Corinna\AppData\Roaming\mozilla\firefox\profiles\caot7npx.default\searchplugins\icqplugin-17.xml
[2011.10.10 16:25:57 | 000,000,950 | ---- | M] () -- C:\Users\Corinna\AppData\Roaming\mozilla\firefox\profiles\caot7npx.default\searchplugins\icqplugin-18.xml
[2010.04.20 10:25:34 | 000,000,950 | ---- | M] () -- C:\Users\Corinna\AppData\Roaming\mozilla\firefox\profiles\caot7npx.default\searchplugins\icqplugin-4.xml
[2010.08.07 21:44:05 | 000,000,950 | ---- | M] () -- C:\Users\Corinna\AppData\Roaming\mozilla\firefox\profiles\caot7npx.default\searchplugins\icqplugin-5.xml
[2010.09.25 13:52:05 | 000,000,950 | ---- | M] () -- C:\Users\Corinna\AppData\Roaming\mozilla\firefox\profiles\caot7npx.default\searchplugins\icqplugin-6.xml
[2010.10.02 23:15:57 | 000,000,950 | ---- | M] () -- C:\Users\Corinna\AppData\Roaming\mozilla\firefox\profiles\caot7npx.default\searchplugins\icqplugin-7.xml
[2010.11.17 22:29:57 | 000,000,950 | ---- | M] () -- C:\Users\Corinna\AppData\Roaming\mozilla\firefox\profiles\caot7npx.default\searchplugins\icqplugin-8.xml
[2011.02.03 08:29:55 | 000,000,950 | ---- | M] () -- C:\Users\Corinna\AppData\Roaming\mozilla\firefox\profiles\caot7npx.default\searchplugins\icqplugin-9.xml
[2011.04.28 18:42:58 | 000,001,975 | ---- | M] () -- C:\Users\Corinna\AppData\Roaming\mozilla\firefox\profiles\caot7npx.default\searchplugins\plasmoo.xml
[2011.02.02 23:51:48 | 000,002,449 | ---- | M] () -- C:\Users\Corinna\AppData\Roaming\mozilla\firefox\profiles\caot7npx.default\searchplugins\safesearch.xml
[2011.08.12 17:56:15 | 000,005,508 | ---- | M] () -- C:\Users\Corinna\AppData\Roaming\mozilla\firefox\profiles\caot7npx.default\searchplugins\webde-suche.xml
[2012.10.27 16:48:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.10.27 16:48:23 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Program Files (x86)\mozilla firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2012.10.27 16:48:23 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files (x86)\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2012.10.27 16:48:30 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.05.04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012.09.06 03:07:37 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.06 03:07:37 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.09.06 03:07:37 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.09.06 03:07:37 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.09.06 03:07:37 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.09.06 03:07:37 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2012.11.04 17:14:21 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\coIEPlg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\IPS\IPSBHO.DLL (Symantec Corporation)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\coIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-67456332-1326641572-1651238357-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\S-1-5-21-67456332-1326641572-1651238357-1000\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\coIEPlg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.)
O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [EgisTecLiveUpdate] C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [iSaverCtrl] C:\Program Files (x86)\iSaver\iSaverCtrl.exe (infoMantis GmbH)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [PlayMovie] C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-21-67456332-1326641572-1651238357-1000..\Run: [Facebook Update] C:\Users\Corinna\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-21-67456332-1326641572-1651238357-1000..\Run: [Remote Mouse] C:\Program Files (x86)\Remote Mouse\RemoteMouse.exe ()
O4 - HKU\S-1-5-21-67456332-1326641572-1651238357-1000..\Run: [TomTomHOME.exe] C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - Startup: C:\Users\Corinna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Corinna\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Corinna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk = C:\Users\Corinna\AppData\Local\Facebook\Messenger\2.1.4651.0\FacebookMessenger.exe (Facebook)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-67456332-1326641572-1651238357-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-67456332-1326641572-1651238357-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Corinna\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Corinna\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Free YouTube Download - C:\Users\Corinna\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Corinna\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 vpnweb.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3E658A31-0A36-40DB-B84B-1A35F329F405}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: vidc.i420 - lvcod64.dll (Logitech Inc.)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.i420 - C:\Windows\SysWow64\lvcodec2.dll (Logitech Inc.)
Drivers32: vidc.VP60 - C:\Windows\SysWOW64\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\Windows\SysWOW64\vp6vfw.dll (On2.com)
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: MpfService - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: MpfService - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 30 Days ==========
[2012.11.04 18:08:55 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Corinna\Desktop\OTL(1).exe
[2012.11.04 18:01:53 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012.11.04 17:00:38 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.11.04 17:00:38 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.11.04 17:00:37 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.11.04 16:54:41 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.11.04 16:53:48 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012.11.04 16:52:26 | 004,996,943 | R--- | C] (Swearware) -- C:\Users\Corinna\Desktop\ComboFix.exe
[2012.11.04 16:00:15 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Corinna\Desktop\aswMBR.exe
[2012.11.03 11:28:47 | 000,000,000 | ---D | C] -- C:\Users\Corinna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Facebook
[2012.11.03 11:28:22 | 000,000,000 | ---D | C] -- C:\Users\Corinna\AppData\Local\Facebook
[2012.10.27 16:48:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012.10.18 08:21:05 | 000,000,000 | ---D | C] -- C:\Users\Corinna\Documents\Stick
[2012.10.13 19:10:20 | 000,000,000 | ---D | C] -- C:\Users\Corinna\Desktop\Bachelorarbeit
[2012.10.13 19:09:20 | 000,000,000 | ---D | C] -- C:\Users\Corinna\zu sortieren
[2012.10.09 21:18:34 | 000,000,000 | ---D | C] -- C:\Users\Corinna\AppData\Roaming\TuneUp Software
[2012.10.09 21:17:54 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2012.10.09 21:17:28 | 000,000,000 | -HSD | C] -- C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
[2012.10.09 21:17:28 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2009.08.22 10:01:18 | 000,036,136 | ---- | C] (Oberon Media) -- C:\ProgramData\FullRemove.exe
[4 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012.11.04 18:12:34 | 000,017,600 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.11.04 18:12:34 | 000,017,600 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.11.04 18:08:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Corinna\Desktop\OTL(1).exe
[2012.11.04 18:01:59 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.11.04 18:00:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.11.04 18:00:14 | 3219,935,232 | -HS- | M] () -- C:\hiberfil.sys
[2012.11.04 17:57:23 | 000,540,977 | ---- | M] () -- C:\Users\Corinna\Desktop\adwcleaner.exe
[2012.11.04 17:50:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.11.04 17:33:02 | 000,000,936 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-67456332-1326641572-1651238357-1000UA.job
[2012.11.04 17:14:21 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012.11.04 16:52:38 | 004,996,943 | R--- | M] (Swearware) -- C:\Users\Corinna\Desktop\ComboFix.exe
[2012.11.04 16:11:42 | 000,288,773 | ---- | M] () -- C:\Users\Corinna\Desktop\avast.jpg
[2012.11.04 16:00:40 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Corinna\Desktop\aswMBR.exe
[2012.11.04 15:56:32 | 000,000,000 | ---- | M] () -- C:\Users\Corinna\defogger_reenable
[2012.11.04 11:33:00 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-67456332-1326641572-1651238357-1000Core.job
[2012.11.03 11:29:00 | 000,001,324 | ---- | M] () -- C:\Users\Corinna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk
[2012.11.01 17:21:32 | 000,654,400 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.11.01 17:21:32 | 000,616,242 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.11.01 17:21:32 | 000,130,240 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.11.01 17:21:32 | 000,106,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.11.01 17:21:31 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.10.25 19:37:23 | 000,519,272 | ---- | M] () -- C:\Users\Corinna\Documents\bewerbung Corinna.pdf
[2012.10.21 14:38:10 | 000,011,378 | ---- | M] () -- C:\Users\Corinna\gsview32.ini
[2012.10.20 14:00:00 | 000,002,496 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2012.10.20 13:59:58 | 002,114,373 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1309000.009\Cat.DB
[2012.10.16 20:47:08 | 000,024,527 | ---- | M] () -- C:\Users\Corinna\Documents\.Rhistory
[2012.10.16 20:47:08 | 000,000,040 | ---- | M] () -- C:\Users\Corinna\Documents\.RData
[2012.10.16 17:09:10 | 000,010,074 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1309000.009\VT20121008.022
[2012.10.11 20:01:24 | 660,590,873 | ---- | M] () -- C:\Windows\MEMORY.DMP
[4 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012.11.04 17:57:21 | 000,540,977 | ---- | C] () -- C:\Users\Corinna\Desktop\adwcleaner.exe
[2012.11.04 17:00:38 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.11.04 17:00:38 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.11.04 17:00:38 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.11.04 17:00:38 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.11.04 17:00:37 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.11.04 16:11:42 | 000,288,773 | ---- | C] () -- C:\Users\Corinna\Desktop\avast.jpg
[2012.11.04 15:56:32 | 000,000,000 | ---- | C] () -- C:\Users\Corinna\defogger_reenable
[2012.11.03 11:28:47 | 000,001,324 | ---- | C] () -- C:\Users\Corinna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk
[2012.11.03 11:28:31 | 000,000,936 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-67456332-1326641572-1651238357-1000UA.job
[2012.11.03 11:28:29 | 000,000,914 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-67456332-1326641572-1651238357-1000Core.job
[2012.10.25 19:37:22 | 000,519,272 | ---- | C] () -- C:\Users\Corinna\Documents\bewerbung Corinna.pdf
[2012.10.16 20:47:08 | 000,000,040 | ---- | C] () -- C:\Users\Corinna\Documents\.RData
[2012.09.23 11:04:05 | 000,006,886 | ---- | C] () -- C:\Users\Corinna\AppData\Local\recently-used.xbel
[2012.07.23 13:06:07 | 000,000,043 | ---- | C] () -- C:\Windows\gswin32.ini
[2011.12.11 18:53:48 | 000,000,416 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011.12.11 18:53:47 | 000,000,034 | ---- | C] () -- C:\Windows\SysWow64\BD7030.DAT
[2011.04.30 18:27:34 | 000,003,584 | ---- | C] () -- C:\Users\Corinna\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.04.03 10:46:36 | 000,018,760 | ---- | C] () -- C:\Windows\SysWow64\QQVistaHelper.dll
[2011.01.18 19:32:07 | 000,001,940 | ---- | C] () -- C:\Users\Corinna\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2010.12.02 22:07:20 | 000,000,000 | ---- | C] () -- C:\Users\Corinna\.octave_hist
[2010.09.30 21:09:58 | 000,000,337 | ---- | C] () -- C:\Users\Corinna\AppData\Local\Perfmon.PerfmonCfg
[2010.08.03 22:10:14 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.05.24 17:53:35 | 000,004,137 | ---- | C] () -- C:\Users\Corinna\ü8albr.dfw
[2010.05.18 18:35:32 | 000,009,094 | ---- | C] () -- C:\Users\Corinna\cocos important stuff2.mth
[2010.01.09 12:48:31 | 000,011,378 | ---- | C] () -- C:\Users\Corinna\gsview32.ini
========== ZeroAccess Check ==========
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 02:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
[2011.11.03 22:24:10 | 000,000,000 | ---D | M] -- C:\Users\Corinna\AppData\Roaming\Ashampoo
[2010.04.11 19:39:10 | 000,000,000 | ---D | M] -- C:\Users\Corinna\AppData\Roaming\DeepBurner
[2010.04.20 20:19:40 | 000,000,000 | ---D | M] -- C:\Users\Corinna\AppData\Roaming\Dev-Cpp
[2012.11.04 18:03:28 | 000,000,000 | ---D | M] -- C:\Users\Corinna\AppData\Roaming\Dropbox
[2012.10.09 21:22:49 | 000,000,000 | ---D | M] -- C:\Users\Corinna\AppData\Roaming\DVDVideoSoft
[2011.07.18 09:21:00 | 000,000,000 | ---D | M] -- C:\Users\Corinna\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.12.12 19:24:26 | 000,000,000 | ---D | M] -- C:\Users\Corinna\AppData\Roaming\ICQ
[2010.05.09 21:35:12 | 000,000,000 | ---D | M] -- C:\Users\Corinna\AppData\Roaming\OpenOffice.org
[2010.01.03 14:04:41 | 000,000,000 | ---D | M] -- C:\Users\Corinna\AppData\Roaming\PowerCinema
[2011.07.13 09:28:37 | 000,000,000 | ---D | M] -- C:\Users\Corinna\AppData\Roaming\Scribus
[2011.10.16 09:08:52 | 000,000,000 | ---D | M] -- C:\Users\Corinna\AppData\Roaming\SGPPLog
[2010.01.02 19:06:26 | 000,000,000 | ---D | M] -- C:\Users\Corinna\AppData\Roaming\SoftDMA
[2011.04.18 22:35:11 | 000,000,000 | ---D | M] -- C:\Users\Corinna\AppData\Roaming\Softland
[2011.04.03 10:52:45 | 000,000,000 | ---D | M] -- C:\Users\Corinna\AppData\Roaming\Tencent
[2011.03.02 00:18:14 | 000,000,000 | ---D | M] -- C:\Users\Corinna\AppData\Roaming\Thunderbird
[2010.03.12 22:04:28 | 000,000,000 | ---D | M] -- C:\Users\Corinna\AppData\Roaming\Tific
[2012.09.25 12:54:37 | 000,000,000 | ---D | M] -- C:\Users\Corinna\AppData\Roaming\Tinn-R
[2011.09.13 00:03:18 | 000,000,000 | ---D | M] -- C:\Users\Corinna\AppData\Roaming\TomTom
[2012.10.09 21:18:34 | 000,000,000 | ---D | M] -- C:\Users\Corinna\AppData\Roaming\TuneUp Software
[2010.01.09 13:32:12 | 000,000,000 | ---D | M] -- C:\Users\Corinna\AppData\Roaming\WinShell
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*. >
[2012.11.04 18:01:54 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2009.09.18 17:08:41 | 000,000,000 | ---D | M] -- C:\BOOK
[2009.08.22 11:44:25 | 000,000,000 | ---D | M] -- C:\Boot
[2010.01.03 12:28:52 | 000,000,000 | ---D | M] -- C:\Dev-Cpp
[2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2010.01.02 18:37:09 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2011.10.18 20:55:15 | 000,000,000 | ---D | M] -- C:\Eigene Dateien
[2010.01.02 18:41:22 | 000,000,000 | ---D | M] -- C:\elements
[2009.08.22 09:48:14 | 000,000,000 | R--D | M] -- C:\MSOCache
[2010.12.02 22:14:26 | 000,000,000 | ---D | M] -- C:\Octave
[2010.02.07 13:30:36 | 000,000,000 | ---D | M] -- C:\oem
[2011.11.10 17:22:32 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012.08.24 11:21:32 | 000,000,000 | R--D | M] -- C:\Program Files
[2012.11.04 17:58:11 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2012.11.04 17:58:11 | 000,000,000 | ---D | M] -- C:\ProgramData
[2010.01.02 18:37:09 | 000,000,000 | -HSD | M] -- C:\Programme
[2012.11.04 17:17:58 | 000,000,000 | ---D | M] -- C:\Qoobox
[2010.01.02 18:37:09 | 000,000,000 | ---D | M] -- C:\Recovery
[2012.11.04 18:22:29 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011.08.03 07:44:54 | 000,000,000 | ---D | M] -- C:\testlog
[2012.02.25 11:26:52 | 000,000,000 | ---D | M] -- C:\Tinn-R
[2010.10.02 19:33:16 | 000,000,000 | R--D | M] -- C:\Users
[2012.11.04 17:14:29 | 000,000,000 | ---D | M] -- C:\Windows
< %SYSTEMDRIVE%\*.* >
[2012.11.04 17:58:18 | 000,020,919 | ---- | M] () -- C:\AdwCleaner[S1].txt
[2009.07.14 02:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
[2009.07.27 21:40:53 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2012.11.04 17:17:54 | 000,024,994 | ---- | M] () -- C:\ComboFix.txt
[2012.11.04 18:02:43 | 000,066,018 | ---- | M] () -- C:\CYGWIN_SYSLOG.TXT
[2007.11.07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt
[2007.11.07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt
[2007.11.07 07:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt
[2007.11.07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt
[2007.11.07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt
[2007.11.07 07:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt
[2007.11.07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt
[2007.11.07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt
[2007.11.07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt
[2010.05.04 16:44:56 | 000,000,049 | ---- | M] () -- C:\Fixpunkt.m
[2011.04.03 10:50:28 | 000,000,083 | ---- | M] () -- C:\ftnstat.stat
[2007.11.07 07:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini
[2012.11.04 18:00:14 | 3219,935,232 | -HS- | M] () -- C:\hiberfil.sys
[2007.11.07 07:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini
[2007.11.07 07:44:20 | 000,075,280 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
[2007.11.07 07:44:20 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
[2007.11.07 07:44:20 | 000,090,128 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
[2007.11.07 07:44:20 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
[2007.11.07 07:44:20 | 000,094,224 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
[2007.11.07 07:44:20 | 000,080,400 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
[2007.11.07 07:44:20 | 000,078,864 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
[2007.11.07 07:44:20 | 000,074,768 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
[2007.11.07 07:44:20 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
[2006.12.01 22:37:14 | 000,904,704 | ---- | M] (Microsoft Corporation) -- C:\msdia80.dll
[2012.11.04 18:00:33 | 4293,246,976 | -HS- | M] () -- C:\pagefile.sys
[2009.09.03 07:33:35 | 000,002,188 | RHS- | M] () -- C:\Patch.rev
[2010.01.02 18:37:37 | 000,000,211 | RHS- | M] () -- C:\Preload.rev
[2009.09.18 17:02:18 | 000,001,989 | ---- | M] () -- C:\RHDSetup.log
[2012.11.04 16:52:32 | 000,141,624 | ---- | M] () -- C:\TDSSKiller.2.8.15.0_04.11.2012_16.30.33_log.txt
[2007.11.07 07:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
[2007.11.07 07:50:40 | 001,927,956 | ---- | M] () -- C:\VC_RED.cab
[2007.11.07 07:53:12 | 000,242,176 | ---- | M] () -- C:\VC_RED.MSI
< %PROGRAMFILES%\*.exe >
< %PROGRAMFILES(X86)%\*.exe >
< %systemroot%\*. /mp /s >
< %windir%\installer\*. /10 >
< %appdata%\*. >
[2012.09.29 19:45:03 | 000,000,000 | ---D | M] -- C:\Users\Corinna\AppData\Roaming\Adobe
[2011.04.09 20:32:25 | 000,000,000 | ---D | M] -- C:\Users\Corinna\AppData\Roaming\Apple Computer
[2011.11.03 22:24:10 | 000,000,000 | ---D | M] -- C:\Users\Corinna\AppData\Roaming\Ashampoo
[2010.01.02 18:40:08 | 000,000,000 | ---D | M] -- C:\Users\Corinna\AppData\Roaming\ATI
[2010.01.02 19:06:10 | 000,000,000 | ---D | M] -- C:\Users\Corinna\AppData\Roaming\CyberLink
[2010.04.11 19:39:10 | 000,000,000 | ---D | M] -- C:\Users\Corinna\AppData\Roaming\DeepBurner
[2010.04.20 20:19:40 | 000,000,000 | ---D | M] -- C:\Users\Corinna\AppData\Roaming\Dev-Cpp
[2012.11.04 18:03:28 | 000,000,000 | ---D | M] -- C:\Users\Corinna\AppData\Roaming\Dropbox
[2012.10.09 21:22:49 | 000,000,000 | ---D | M] -- C:\Users\Corinna\AppData\Roaming\DVDVideoSoft
[2011.07.18 09:21:00 | 000,000,000 | ---D | M] -- C:\Users\Corinna\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.01.03 12:08:11 | 000,000,000 | ---D | M] -- C:\Users\Corinna\AppData\Roaming\Google
[2011.12.12 19:24:26 | 000,000,000 | ---D | M] -- C:\Users\Corinna\AppData\Roaming\ICQ
[2010.01.02 18:38:30 | 000,000,000 | ---D | M] -- C:\Users\Corinna\AppData\Roaming\Identities
[2010.01.02 18:39:24 | 000,000,000 | ---D | M] -- C:\Users\Corinna\AppData\Roaming\Macromedia
[2011.04.18 20:07:00 | 000,000,000 | ---D | M] -- C:\Users\Corinna\AppData\Roaming\MathWorks
[2009.08.22 07:05:58 | 000,000,000 | ---D | M] -- C:\Users\Corinna\AppData\Roaming\Media Center Programs
[2012.09.29 19:45:03 | 000,000,000 | --SD | M] -- C:\Users\Corinna\AppData\Roaming\Microsoft
[2010.01.09 13:21:32 | 000,000,000 | ---D | M] -- C:\Users\Corinna\AppData\Roaming\MiKTeX
[2010.01.03 12:19:00 | 000,000,000 | ---D | M] -- C:\Users\Corinna\AppData\Roaming\Mozilla
[2010.05.09 21:35:12 | 000,000,000 | ---D | M] -- C:\Users\Corinna\AppData\Roaming\OpenOffice.org
[2010.01.03 14:04:41 | 000,000,000 | ---D | M] -- C:\Users\Corinna\AppData\Roaming\PowerCinema
[2011.07.13 09:28:37 | 000,000,000 | ---D | M] -- C:\Users\Corinna\AppData\Roaming\Scribus
[2011.10.16 09:08:52 | 000,000,000 | ---D | M] -- C:\Users\Corinna\AppData\Roaming\SGPPLog
[2012.10.25 17:32:37 | 000,000,000 | ---D | M] -- C:\Users\Corinna\AppData\Roaming\Skype
[2012.01.12 09:56:08 | 000,000,000 | ---D | M] -- C:\Users\Corinna\AppData\Roaming\skypePM
[2010.01.02 19:06:26 | 000,000,000 | ---D | M] -- C:\Users\Corinna\AppData\Roaming\SoftDMA
[2011.04.18 22:35:11 | 000,000,000 | ---D | M] -- C:\Users\Corinna\AppData\Roaming\Softland
[2011.04.03 10:52:45 | 000,000,000 | ---D | M] -- C:\Users\Corinna\AppData\Roaming\Tencent
[2011.03.02 00:18:14 | 000,000,000 | ---D | M] -- C:\Users\Corinna\AppData\Roaming\Thunderbird
[2010.03.12 22:04:28 | 000,000,000 | ---D | M] -- C:\Users\Corinna\AppData\Roaming\Tific
[2012.09.25 12:54:37 | 000,000,000 | ---D | M] -- C:\Users\Corinna\AppData\Roaming\Tinn-R
[2011.09.13 00:03:18 | 000,000,000 | ---D | M] -- C:\Users\Corinna\AppData\Roaming\TomTom
[2012.10.09 21:18:34 | 000,000,000 | ---D | M] -- C:\Users\Corinna\AppData\Roaming\TuneUp Software
[2010.07.19 11:09:06 | 000,000,000 | ---D | M] -- C:\Users\Corinna\AppData\Roaming\WinRAR
[2010.01.09 13:32:12 | 000,000,000 | ---D | M] -- C:\Users\Corinna\AppData\Roaming\WinShell
< %appdata%\*.* >
< %appdata%\*.exe /s >
[2012.07.25 03:08:10 | 026,909,544 | ---- | M] (Dropbox, Inc.) -- C:\Users\Corinna\AppData\Roaming\Dropbox\bin\Dropbox.exe
[2012.07.25 03:08:14 | 000,874,424 | ---- | M] (Dropbox, Inc.) -- C:\Users\Corinna\AppData\Roaming\Dropbox\bin\DropboxUpdateHelper.exe
[2012.07.25 03:08:20 | 000,181,784 | ---- | M] (Dropbox, Inc.) -- C:\Users\Corinna\AppData\Roaming\Dropbox\bin\Uninstall.exe
[2011.04.03 10:50:27 | 000,061,440 | R--- | M] (Flexera Software, Inc.) -- C:\Users\Corinna\AppData\Roaming\Microsoft\Installer\{052CFB79-9D62-42E3-8A15-DE66C2C97C3E}\ARPPRODUCTICON.exe
[2011.04.03 10:50:27 | 000,106,496 | R--- | M] (Flexera Software, Inc.) -- C:\Users\Corinna\AppData\Roaming\Microsoft\Installer\{052CFB79-9D62-42E3-8A15-DE66C2C97C3E}\NewShortcut1_EDD4ABB1C1B34A9D84CE33FBFB5D3639.exe
[2011.04.03 10:50:27 | 000,061,440 | R--- | M] (Flexera Software, Inc.) -- C:\Users\Corinna\AppData\Roaming\Microsoft\Installer\{052CFB79-9D62-42E3-8A15-DE66C2C97C3E}\NewShortcut2_E88611396FF84AFCB2EE5C1594058E02.exe
[2011.04.03 10:50:27 | 000,106,496 | R--- | M] (Flexera Software, Inc.) -- C:\Users\Corinna\AppData\Roaming\Microsoft\Installer\{052CFB79-9D62-42E3-8A15-DE66C2C97C3E}\NewShortcut311_0951773981FA4AB2BC21B7DCEC95892A.exe
[2011.04.03 10:50:27 | 000,106,496 | R--- | M] (Flexera Software, Inc.) -- C:\Users\Corinna\AppData\Roaming\Microsoft\Installer\{052CFB79-9D62-42E3-8A15-DE66C2C97C3E}\NewShortcut31_2F252077BA3F4362913955273A708467.exe
[2012.04.29 14:06:19 | 002,749,816 | ---- | M] () -- C:\Users\Corinna\AppData\Roaming\Tencent\QQ\AuTemp\$T5B8A0MPBUHNDLRWK$A36D\10101\auclt.exe
[2011.05.25 22:48:05 | 002,677,528 | ---- | M] () -- C:\Users\Corinna\AppData\Roaming\Tencent\QQ\AuTemp\$T5B8A0MPBUHNDLRWK$A36D\13050103382140114648\QQ2011Beta1KB4_update.exe
[2011.05.25 22:48:14 | 001,262,816 | ---- | M] () -- C:\Users\Corinna\AppData\Roaming\Tencent\QQ\AuTemp\$T5B8A0MPBUHNDLRWK$A36D\13057926531759479334\QQ2011Beta1kb5_update.exe
[2011.04.03 10:46:51 | 000,031,096 | ---- | M] (Tencent) -- C:\Users\Corinna\AppData\Roaming\Tencent\QQ\SafeBase\QQSafeUD.exe
< %localappdata%\*. >
[2010.01.02 19:06:24 | 000,000,000 | ---D | M] -- C:\Users\Corinna\AppData\Local\Acer Arcade Deluxe
[2012.09.29 19:43:01 | 000,000,000 | ---D | M] -- C:\Users\Corinna\AppData\Local\Adobe
[2010.01.02 18:37:26 | 000,000,000 | -HSD | M] -- C:\Users\Corinna\AppData\Local\Anwendungsdaten
[2010.08.07 21:40:53 | 000,000,000 | ---D | M] -- C:\Users\Corinna\AppData\Local\AOL
[2011.04.09 20:16:58 | 000,000,000 | ---D | M] -- C:\Users\Corinna\AppData\Local\Apple
[2011.04.09 20:19:40 | 000,000,000 | ---D | M] -- C:\Users\Corinna\AppData\Local\Apple Computer
[2011.11.03 22:24:06 | 000,000,000 | ---D | M] -- C:\Users\Corinna\AppData\Local\ashampoo
[2010.01.02 18:40:08 | 000,000,000 | ---D | M] -- C:\Users\Corinna\AppData\Local\ATI
[2010.01.18 13:56:48 | 000,000,000 | ---D | M] -- C:\Users\Corinna\AppData\Local\Cisco
[2012.11.04 16:29:57 | 000,000,000 | ---D | M] -- C:\Users\Corinna\AppData\Local\CrashDumps
[2010.01.02 19:06:25 | 000,000,000 | ---D | M] -- C:\Users\Corinna\AppData\Local\CyberLink
[2012.09.24 14:07:35 | 000,000,000 | ---D | M] -- C:\Users\Corinna\AppData\Local\Diagnostics
[2010.01.02 18:39:25 | 000,000,000 | ---D | M] -- C:\Users\Corinna\AppData\Local\EgisTec
[2011.03.20 13:40:04 | 000,000,000 | ---D | M] -- C:\Users\Corinna\AppData\Local\ElevatedDiagnostics
[2012.11.03 11:28:46 | 000,000,000 | ---D | M] -- C:\Users\Corinna\AppData\Local\Facebook
[2012.08.24 11:23:52 | 000,000,000 | ---D | M] -- C:\Users\Corinna\AppData\Local\fontconfig
[2012.08.24 11:23:46 | 000,000,000 | ---D | M] -- C:\Users\Corinna\AppData\Local\gegl-0.2
[2012.08.25 11:42:30 | 000,000,000 | ---D | M] -- C:\Users\Corinna\AppData\Local\Google
[2012.09.29 19:45:03 | 000,000,000 | ---D | M] -- C:\Users\Corinna\AppData\Local\Microsoft
[2010.01.03 01:19:22 | 000,000,000 | ---D | M] -- C:\Users\Corinna\AppData\Local\Microsoft Games
[2010.08.14 19:12:10 | 000,000,000 | ---D | M] -- C:\Users\Corinna\AppData\Local\Microsoft Help
[2010.09.19 02:39:38 | 000,000,000 | ---D | M] -- C:\Users\Corinna\AppData\Local\MigWiz
[2010.01.09 13:21:32 | 000,000,000 | ---D | M] -- C:\Users\Corinna\AppData\Local\MiKTeX
[2010.01.03 12:18:52 | 000,000,000 | ---D | M] -- C:\Users\Corinna\AppData\Local\Mozilla
[2012.11.04 15:55:33 | 000,000,000 | ---D | M] -- C:\Users\Corinna\AppData\Local\NPE
[2011.08.09 13:28:59 | 000,000,000 | ---D | M] -- C:\Users\Corinna\AppData\Local\PDF Annotator
[2010.01.05 23:44:05 | 000,000,000 | ---D | M] -- C:\Users\Corinna\AppData\Local\PlayMovie
[2010.01.02 19:06:08 | 000,000,000 | ---D | M] -- C:\Users\Corinna\AppData\Local\PowerCinema
[2011.03.03 13:33:22 | 000,000,000 | ---D | M] -- C:\Users\Corinna\AppData\Local\ScreeNet iSaver
[2010.03.12 22:04:17 | 000,000,000 | ---D | M] -- C:\Users\Corinna\AppData\Local\Symantec
[2012.11.04 18:19:25 | 000,000,000 | ---D | M] -- C:\Users\Corinna\AppData\Local\Temp
[2010.01.02 18:37:26 | 000,000,000 | -HSD | M] -- C:\Users\Corinna\AppData\Local\Temporary Internet Files
[2011.04.03 10:52:37 | 000,000,000 | ---D | M] -- C:\Users\Corinna\AppData\Local\Tencent
[2011.03.08 11:42:50 | 000,000,000 | ---D | M] -- C:\Users\Corinna\AppData\Local\Thunderbird
[2011.09.13 00:03:18 | 000,000,000 | ---D | M] -- C:\Users\Corinna\AppData\Local\TomTom
[2010.01.02 18:37:26 | 000,000,000 | -HSD | M] -- C:\Users\Corinna\AppData\Local\Verlauf
[2010.09.30 22:51:40 | 000,000,000 | ---D | M] -- C:\Users\Corinna\AppData\Local\VirtualStore
< %localappdata%\*.* >
[2011.05.09 18:19:50 | 000,003,584 | ---- | M] () -- C:\Users\Corinna\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.10.30 22:49:06 | 000,119,040 | ---- | M] () -- C:\Users\Corinna\AppData\Local\GDIPFONTCACHEV1.DAT
[2012.11.04 17:58:51 | 001,686,736 | -H-- | M] () -- C:\Users\Corinna\AppData\Local\IconCache.db
[2010.08.29 16:04:52 | 000,001,643 | ---- | M] () -- C:\Users\Corinna\AppData\Local\MyWinLockerInstaller.txt-20100829.log
[2010.10.01 00:31:09 | 000,000,337 | ---- | M] () -- C:\Users\Corinna\AppData\Local\Perfmon.PerfmonCfg
[2012.09.23 11:04:05 | 000,006,886 | ---- | M] () -- C:\Users\Corinna\AppData\Local\recently-used.xbel
[2011.01.28 19:12:58 | 000,001,940 | ---- | M] () -- C:\Users\Corinna\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
< %localappdata%\*.exe /s >
[2012.09.25 11:05:20 | 000,247,728 | ---- | M] (Facebook) -- C:\Users\Corinna\AppData\Local\Facebook\Messenger\2.1.4651.0\FacebookMessenger.exe
[2012.11.03 11:28:20 | 000,138,096 | ---- | M] (Facebook Inc.) -- C:\Users\Corinna\AppData\Local\Facebook\Update\FacebookUpdate.exe
[2012.11.03 11:28:20 | 000,138,096 | ---- | M] (Facebook Inc.) -- C:\Users\Corinna\AppData\Local\Facebook\Update\1.2.205.0\FacebookCrashHandler.exe
[2012.11.03 11:28:20 | 000,138,096 | ---- | M] (Facebook Inc.) -- C:\Users\Corinna\AppData\Local\Facebook\Update\1.2.205.0\FacebookUpdate.exe
< %allusersprofile%\*. >
[2009.08.22 06:46:01 | 000,000,000 | ---D | M] -- C:\ProgramData\Acer
[2012.10.11 08:37:00 | 000,000,000 | ---D | M] -- C:\ProgramData\Adobe
[2010.01.02 18:37:09 | 000,000,000 | -HSD | M] -- C:\ProgramData\Anwendungsdaten
[2011.04.09 20:16:51 | 000,000,000 | ---D | M] -- C:\ProgramData\Apple
[2011.04.09 20:19:00 | 000,000,000 | ---D | M] -- C:\ProgramData\Apple Computer
[2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
[2011.11.03 22:23:51 | 000,000,000 | ---D | M] -- C:\ProgramData\ashampoo
[2010.01.02 18:40:08 | 000,000,000 | ---D | M] -- C:\ProgramData\ATI
[2009.08.22 10:13:50 | 000,000,000 | ---D | M] -- C:\ProgramData\BackupManager
[2010.01.05 11:36:17 | 000,000,000 | ---D | M] -- C:\ProgramData\Cisco
[2012.10.09 21:17:28 | 000,000,000 | -H-D | M] -- C:\ProgramData\Common Files
[2010.01.05 23:45:05 | 000,000,000 | ---D | M] -- C:\ProgramData\CyberLink
[2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
[2010.01.02 18:37:09 | 000,000,000 | -HSD | M] -- C:\ProgramData\Dokumente
[2009.09.18 16:58:37 | 000,000,000 | ---D | M] -- C:\ProgramData\EgisTec
[2009.08.22 11:51:57 | 000,000,000 | ---D | M] -- C:\ProgramData\eSobi
[2010.01.02 18:37:09 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favoriten
[2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites
[2010.01.03 00:43:49 | 000,000,000 | ---D | M] -- C:\ProgramData\Friends Games
[2009.08.22 06:45:46 | 000,000,000 | ---D | M] -- C:\ProgramData\Google
[2010.01.08 17:32:05 | 000,000,000 | ---D | M] -- C:\ProgramData\HP
[2010.08.07 21:43:57 | 000,000,000 | ---D | M] -- C:\ProgramData\ICQ
[2010.01.24 00:44:08 | 000,000,000 | ---D | M] -- C:\ProgramData\McAfee
[2010.11.10 21:34:44 | 000,000,000 | --SD | M] -- C:\ProgramData\Microsoft
[2012.10.11 08:19:38 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft Help
[2012.09.29 19:47:21 | 000,000,000 | ---D | M] -- C:\ProgramData\Mozilla
[2012.01.30 20:48:48 | 000,000,000 | ---D | M] -- C:\ProgramData\Norton
[2012.01.30 20:47:10 | 000,000,000 | ---D | M] -- C:\ProgramData\NortonInstaller
[2010.01.19 23:07:55 | 000,000,000 | ---D | M] -- C:\ProgramData\NtiDvdCopy
[2009.09.18 17:03:40 | 000,000,000 | ---D | M] -- C:\ProgramData\OEM
[2011.04.09 11:46:44 | 000,000,000 | ---D | M] -- C:\ProgramData\QQPet
[2009.08.22 11:52:07 | 000,000,000 | ---D | M] -- C:\ProgramData\SiteAdvisor
[2012.08.29 11:11:57 | 000,000,000 | ---D | M] -- C:\ProgramData\Skype
[2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2010.01.02 18:37:09 | 000,000,000 | -HSD | M] -- C:\ProgramData\Startmenü
[2011.02.11 12:13:06 | 000,000,000 | ---D | M] -- C:\ProgramData\Sun
[2010.01.03 00:50:58 | 000,000,000 | ---D | M] -- C:\ProgramData\Temp
[2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates
[2011.04.03 10:52:45 | 000,000,000 | ---D | M] -- C:\ProgramData\Tencent
[2012.10.09 21:18:35 | 000,000,000 | ---D | M] -- C:\ProgramData\TuneUp Software
[2010.01.02 18:37:09 | 000,000,000 | -HSD | M] -- C:\ProgramData\Vorlagen
[2011.04.09 20:19:18 | 000,000,000 | ---D | M] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
[2012.10.09 21:17:28 | 000,000,000 | -HSD | M] -- C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
< %allusersprofile%\*.* >
[2009.09.18 17:08:30 | 000,007,832 | ---- | M] () -- C:\ProgramData\ArcadeDeluxe3.log
[2010.08.03 22:10:14 | 000,000,056 | -H-- | M] () -- C:\ProgramData\ezsidmv.dat
[2009.07.18 02:57:22 | 000,036,136 | ---- | M] (Oberon Media) -- C:\ProgramData\FullRemove.exe
[2010.01.08 17:41:48 | 000,000,580 | ---- | M] () -- C:\ProgramData\hpzinstall.log
< %allusersprofile%\*.exe /s >
[2009.07.18 02:57:22 | 000,036,136 | ---- | M] (Oberon Media) -- C:\ProgramData\FullRemove.exe
[2009.02.04 12:56:16 | 000,086,376 | ---- | M] (GEAR Software, Inc.) -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}\x64\DifXInstall64.exe
[2012.01.03 08:37:53 | 000,320,456 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\Reader\9.4\ARM\10821\AcrobatUpdater.exe
[2012.01.03 08:37:53 | 000,843,712 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\Reader\9.4\ARM\10821\AdobeARM.exe
[2012.01.03 08:37:53 | 000,320,456 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\Reader\9.4\ARM\10821\AdobeARMHelper.exe
[2012.01.03 08:37:53 | 000,320,456 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\Reader\9.4\ARM\10821\ReaderUpdater.exe
[2012.01.03 08:37:53 | 000,320,456 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\Reader\9.4\ARM\14304\AcrobatUpdater.exe
[2012.01.03 08:37:53 | 000,843,712 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\Reader\9.4\ARM\14304\AdobeARM.exe
[2012.01.03 08:37:53 | 000,320,456 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\Reader\9.4\ARM\14304\AdobeARMHelper.exe
[2012.01.03 08:37:53 | 000,320,456 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\Reader\9.4\ARM\14304\ReaderUpdater.exe
[2012.01.03 08:37:53 | 000,320,456 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\Reader\9.4\ARM\15693\AcrobatUpdater.exe
[2012.01.03 08:37:53 | 000,843,712 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\Reader\9.4\ARM\15693\AdobeARM.exe
[2012.01.03 08:37:53 | 000,320,456 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\Reader\9.4\ARM\15693\AdobeARMHelper.exe
[2012.01.03 08:37:53 | 000,320,456 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\Reader\9.4\ARM\15693\ReaderUpdater.exe
[2012.01.03 08:37:53 | 000,320,456 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\Reader\9.4\ARM\15960\AcrobatUpdater.exe
[2012.01.03 08:37:53 | 000,843,712 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\Reader\9.4\ARM\15960\AdobeARM.exe
[2012.01.03 08:37:53 | 000,320,456 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\Reader\9.4\ARM\15960\AdobeARMHelper.exe
[2012.01.03 08:37:53 | 000,320,456 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\Reader\9.4\ARM\15960\ReaderUpdater.exe
[2012.01.03 08:37:53 | 000,320,456 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\Reader\9.4\ARM\16442\AcrobatUpdater.exe
[2012.01.03 08:37:53 | 000,843,712 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\Reader\9.4\ARM\16442\AdobeARM.exe
[2012.01.03 08:37:53 | 000,320,456 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\Reader\9.4\ARM\16442\AdobeARMHelper.exe
[2012.01.03 08:37:53 | 000,320,456 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\Reader\9.4\ARM\16442\ReaderUpdater.exe
[2012.01.03 08:37:53 | 000,320,456 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\Reader\9.4\ARM\17053\AcrobatUpdater.exe
[2012.01.03 08:37:53 | 000,843,712 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\Reader\9.4\ARM\17053\AdobeARM.exe
[2012.01.03 08:37:53 | 000,320,456 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\Reader\9.4\ARM\17053\AdobeARMHelper.exe
[2012.01.03 08:37:53 | 000,320,456 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\Reader\9.4\ARM\17053\ReaderUpdater.exe
[2012.01.03 08:37:53 | 000,320,456 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\Reader\9.4\ARM\18476\AcrobatUpdater.exe
[2012.01.03 08:37:53 | 000,843,712 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\Reader\9.4\ARM\18476\AdobeARM.exe
[2012.01.03 08:37:53 | 000,320,456 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\Reader\9.4\ARM\18476\AdobeARMHelper.exe
[2012.01.03 08:37:53 | 000,320,456 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\Reader\9.4\ARM\18476\ReaderUpdater.exe
[2012.01.03 08:37:53 | 000,320,456 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\Reader\9.4\ARM\20278\AcrobatUpdater.exe
[2012.01.03 08:37:53 | 000,843,712 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\Reader\9.4\ARM\20278\AdobeARM.exe
[2012.01.03 08:37:53 | 000,320,456 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\Reader\9.4\ARM\20278\AdobeARMHelper.exe
[2012.01.03 08:37:53 | 000,320,456 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\Reader\9.4\ARM\20278\ReaderUpdater.exe
[2012.01.03 08:37:53 | 000,320,456 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\Reader\9.4\ARM\21770\AcrobatUpdater.exe
[2012.01.03 08:37:53 | 000,843,712 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\Reader\9.4\ARM\21770\AdobeARM.exe
[2012.01.03 08:37:53 | 000,320,456 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\Reader\9.4\ARM\21770\AdobeARMHelper.exe
[2012.01.03 08:37:53 | 000,320,456 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\Reader\9.4\ARM\21770\ReaderUpdater.exe
[2012.01.03 08:37:53 | 000,320,456 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\Reader\9.4\ARM\21991\AcrobatUpdater.exe
[2012.01.03 08:37:53 | 000,843,712 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\Reader\9.4\ARM\21991\AdobeARM.exe
[2012.01.03 08:37:53 | 000,320,456 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\Reader\9.4\ARM\21991\AdobeARMHelper.exe
[2012.01.03 08:37:53 | 000,320,456 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\Reader\9.4\ARM\21991\ReaderUpdater.exe
[2012.01.03 08:37:53 | 000,320,456 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\Reader\9.4\ARM\23080\AcrobatUpdater.exe
[2012.01.03 08:37:53 | 000,843,712 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\Reader\9.4\ARM\23080\AdobeARM.exe
[2012.01.03 08:37:53 | 000,320,456 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\Reader\9.4\ARM\23080\AdobeARMHelper.exe
[2012.01.03 08:37:53 | 000,320,456 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\Reader\9.4\ARM\23080\ReaderUpdater.exe
[2012.01.03 08:37:53 | 000,320,456 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\Reader\9.4\ARM\23400\AcrobatUpdater.exe
[2012.01.03 08:37:53 | 000,843,712 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\Reader\9.4\ARM\23400\AdobeARM.exe
[2012.01.03 08:37:53 | 000,320,456 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\Reader\9.4\ARM\23400\AdobeARMHelper.exe
[2012.01.03 08:37:53 | 000,320,456 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\Reader\9.4\ARM\23400\ReaderUpdater.exe
[2012.01.03 08:37:53 | 000,320,456 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\Reader\9.4\ARM\24140\AcrobatUpdater.exe
[2012.01.03 08:37:53 | 000,843,712 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\Reader\9.4\ARM\24140\AdobeARM.exe
[2012.01.03 08:37:53 | 000,320,456 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\Reader\9.4\ARM\24140\AdobeARMHelper.exe
[2012.01.03 08:37:53 | 000,320,456 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\Reader\9.4\ARM\24140\ReaderUpdater.exe
[2012.01.03 08:37:53 | 000,320,456 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\Reader\9.4\ARM\25464\AcrobatUpdater.exe
[2012.01.03 08:37:53 | 000,843,712 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\Reader\9.4\ARM\25464\AdobeARM.exe
[2012.01.03 08:37:53 | 000,320,456 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\Reader\9.4\ARM\25464\AdobeARMHelper.exe
[2012.01.03 08:37:53 | 000,320,456 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\Reader\9.4\ARM\25464\ReaderUpdater.exe
[2012.01.03 08:37:53 | 000,320,456 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\Reader\9.4\ARM\27567\AcrobatUpdater.exe
[2012.01.03 08:37:53 | 000,843,712 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\Reader\9.4\ARM\27567\AdobeARM.exe
[2012.01.03 08:37:53 | 000,320,456 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\Reader\9.4\ARM\27567\AdobeARMHelper.exe
[2012.01.03 08:37:53 | 000,320,456 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\Reader\9.4\ARM\27567\ReaderUpdater.exe
[2012.01.03 08:37:53 | 000,320,456 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\Reader\9.4\ARM\27927\AcrobatUpdater.exe
[2012.01.03 08:37:53 | 000,843,712 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\Reader\9.4\ARM\27927\AdobeARM.exe
[2012.01.03 08:37:53 | 000,320,456 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\Reader\9.4\ARM\27927\AdobeARMHelper.exe
[2012.01.03 08:37:53 | 000,320,456 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\Reader\9.4\ARM\27927\ReaderUpdater.exe
[2012.01.03 08:37:53 | 000,320,456 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\Reader\9.4\ARM\32011\AcrobatUpdater.exe
[2012.01.03 08:37:53 | 000,843,712 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\Reader\9.4\ARM\32011\AdobeARM.exe
[2012.01.03 08:37:53 | 000,320,456 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\Reader\9.4\ARM\32011\AdobeARMHelper.exe
[2012.01.03 08:37:53 | 000,320,456 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\Reader\9.4\ARM\32011\ReaderUpdater.exe
[2012.01.03 08:37:53 | 000,320,456 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\Reader\9.4\ARM\32381\AcrobatUpdater.exe
[2012.01.03 08:37:53 | 000,843,712 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\Reader\9.4\ARM\32381\AdobeARM.exe
[2012.01.03 08:37:53 | 000,320,456 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\Reader\9.4\ARM\32381\AdobeARMHelper.exe
[2012.01.03 08:37:53 | 000,320,456 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\Reader\9.4\ARM\32381\ReaderUpdater.exe
[2012.01.03 08:37:53 | 000,320,456 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\Reader\9.4\ARM\3244\AcrobatUpdater.exe
[2012.01.03 08:37:53 | 000,843,712 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\Reader\9.4\ARM\3244\AdobeARM.exe
[2012.01.03 08:37:53 | 000,320,456 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\Reader\9.4\ARM\3244\AdobeARMHelper.exe
[2012.01.03 08:37:53 | 000,320,456 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\Reader\9.4\ARM\3244\ReaderUpdater.exe
[2012.01.03 08:37:53 | 000,320,456 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\Reader\9.4\ARM\3486\AcrobatUpdater.exe
[2012.01.03 08:37:53 | 000,843,712 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\Reader\9.4\ARM\3486\AdobeARM.exe
[2012.01.03 08:37:53 | 000,320,456 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\Reader\9.4\ARM\3486\AdobeARMHelper.exe
[2012.01.03 08:37:53 | 000,320,456 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\Reader\9.4\ARM\3486\ReaderUpdater.exe
[2012.01.03 08:37:53 | 000,320,456 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\Reader\9.4\ARM\3567\AcrobatUpdater.exe
[2012.01.03 08:37:53 | 000,843,712 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\Reader\9.4\ARM\3567\AdobeARM.exe
[2012.01.03 08:37:53 | 000,320,456 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\Reader\9.4\ARM\3567\AdobeARMHelper.exe
[2012.01.03 08:37:53 | 000,320,456 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\Reader\9.4\ARM\3567\ReaderUpdater.exe
[2012.01.03 08:37:53 | 000,320,456 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\Reader\9.4\ARM\3736\AcrobatUpdater.exe
[2012.01.03 08:37:53 | 000,843,712 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\Reader\9.4\ARM\3736\AdobeARM.exe
[2012.01.03 08:37:53 | 000,320,456 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\Reader\9.4\ARM\3736\AdobeARMHelper.exe
[2012.01.03 08:37:53 | 000,320,456 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\Reader\9.4\ARM\3736\ReaderUpdater.exe
[2012.01.03 08:37:53 | 000,320,456 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\Reader\9.4\ARM\3740\AcrobatUpdater.exe
[2012.01.03 08:37:53 | 000,843,712 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\Reader\9.4\ARM\3740\AdobeARM.exe
[2012.01.03 08:37:53 | 000,320,456 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\Reader\9.4\ARM\3740\AdobeARMHelper.exe
[2012.01.03 08:37:53 | 000,320,456 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\Reader\9.4\ARM\3740\ReaderUpdater.exe
[2012.01.03 08:37:53 | 000,320,456 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\Reader\9.4\ARM\3769\AcrobatUpdater.exe
[2012.01.03 08:37:53 | 000,843,712 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\Reader\9.4\ARM\3769\AdobeARM.exe
[2012.01.03 08:37:53 | 000,320,456 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\Reader\9.4\ARM\3769\AdobeARMHelper.exe
[2012.01.03 08:37:53 | 000,320,456 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\Reader\9.4\ARM\3769\ReaderUpdater.exe
[2012.01.03 08:37:53 | 000,320,456 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\Reader\9.4\ARM\7504\AcrobatUpdater.exe
[2012.01.03 08:37:53 | 000,843,712 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\Reader\9.4\ARM\7504\AdobeARM.exe
[2012.01.03 08:37:53 | 000,320,456 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\Reader\9.4\ARM\7504\AdobeARMHelper.exe
[2012.01.03 08:37:53 | 000,320,456 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\Reader\9.4\ARM\7504\ReaderUpdater.exe
[2012.07.28 02:20:55 | 000,343,536 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\Setup\{AC76BA86-7AD7-1031-7B44-AA1000000001}\setup.exe
[2011.03.01 21:32:44 | 000,073,000 | ---- | M] (Apple Inc.) -- C:\ProgramData\Apple Computer\Installer Cache\iTunes 10.2.0.34\SetupAdmin.exe
[2011.08.07 17:50:33 | 000,527,024 | ---- | M] (Google Inc.) -- C:\ProgramData\Google\Google Toolbar\Update\GoogleToolbarInstaller_updater_signed.exe
[2010.10.13 00:19:52 | 002,601,840 | ---- | M] (Symantec Corporation) -- C:\ProgramData\Norton\NUA.exe
[2010.04.07 14:00:34 | 000,274,432 | ---- | M] (Tencent) -- C:\ProgramData\QQPet\QQPenguin\bugreport.exe
[2010.11.16 14:47:20 | 000,165,240 | ---- | M] () -- C:\ProgramData\QQPet\QQPenguin\Cleaner932.exe
[2010.05.21 15:27:22 | 000,071,032 | ---- | M] () -- C:\ProgramData\QQPet\QQPenguin\CrashRestarter.exe
[2010.09.28 16:51:12 | 000,028,024 | ---- | M] (Tencent) -- C:\ProgramData\QQPet\QQPenguin\KernelStartHelper.exe
[2010.12.27 14:17:48 | 000,050,552 | ---- | M] (Tencent) -- C:\ProgramData\QQPet\QQPenguin\QQPenguin.exe
[2010.09.28 16:51:12 | 000,028,024 | ---- | M] (Tencent) -- C:\ProgramData\QQPet\QQPetAgent\KernelStartHelper.exe
[2010.12.27 14:17:48 | 000,050,552 | ---- | M] (Tencent) -- C:\ProgramData\QQPet\QQPetAgent\QQPetAgent.exe
========== Files - Unicode (All) ==========
(C:\Users\Corinna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\????) -- C:\Users\Corinna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\腾讯软件
(C:\ProgramData\Microsoft\Windows\Start Menu\Programs\???????) -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\搜狗拼音输入法
========== Alternate Data Streams ==========
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:0B9176C0
< End of report >
|
|
04.11.2012, 19:23
| #11 | |
| /// TB-Ausbilder | Ungewünschte Emails an Kontakte werden verschickt Also ich sehe nichts tragisches. Wir suchen noch einmal gründlich und dann wären wir schon fast durch. Schritt 1: Quick-Scan mit Malwarebytes Schritt 2: ESET Online Scanner Zitat:
Schritt 3: Windows 7 Service Pack 1 installieren
Schritt 4: Java Update (Windows XP, Vista, 7) Dein Java ist nicht mehr aktuell. Ältere Versionen enthalten Sicherheitslücken, die von Malware missbraucht werden können.Schritt 5: Scan mit SecurityCheck Downloade Dir bitte SecurityCheck
__________________ Digitale Freibeuter gegen Malware! Keine Hilfe per PM! |
|
04.11.2012, 20:17
| #12 |
| | Ungewünschte Emails an Kontakte werden verschickt Log-File zu Schritt 1: Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.65.1.1000 www.malwarebytes.org Datenbank Version: v2012.11.04.04 Windows 7 x64 NTFS Internet Explorer 9.0.8112.16421 Corinna :: CORINNA-PC [Administrator] Schutz: Aktiviert 04.11.2012 20:11:54 mbam-log-2012-11-04 (20-11-54).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 213047 Laufzeit: 3 Minute(n), 17 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 1 HKCU\Software\SogouExplorer (Adware.Sogou) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) |
|
06.11.2012, 15:00
| #13 |
| /// TB-Ausbilder | Ungewünschte Emails an Kontakte werden verschickt Hallo, benötigst Du noch weiterhin Hilfe ? Sollte ich innerhalb der nächsten 24 Stunden keine Antwort von dir erhalten, werde ich dein Thema aus meinen Abos nehmen und bekomme dadurch keine Nachricht über neue Antworten. Das Verschwinden der Symptome bedeutet nicht, dass dein System schon sauber ist
__________________ Digitale Freibeuter gegen Malware! Keine Hilfe per PM! |
|
06.11.2012, 17:21
| #14 |
| | Ungewünschte Emails an Kontakte werden verschickt Ja ich brauche noch weiter Hilfe, habe die Schritte deines letzten Posts noch nicht ganz abgeschlossen. Der Eset Online Scanner hat mir nach ziemlich langem Suchen folgendes geliefert: Code:
ATTFilter C:\Users\Corinna\Downloads\SweetImSetup.exe a variant of Win32/SweetIM.A application
Hier die Ergebnisse aus Schritt 5: Code:
ATTFilter Results of screen317's Security Check version 0.99.54
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Norton Internet Security
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Java 7 Update 9
Adobe Flash Player 10 Flash Player out of Date!
Adobe Reader X (10.1.4)
Mozilla Firefox (16.0.2)
Mozilla Thunderbird (3.1.11) Thunderbird out of Date!
````````Process Check: objlist.exe by Laurent````````
Norton ccSvcHst.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````
|
|
07.11.2012, 16:46
| #15 | ||||
| /// TB-Ausbilder | Ungewünschte Emails an Kontakte werden verschickt Prima! Damit wären wir fertig. Wir räumen jetzt noch ein wenig auf und dann habe ich am Ende etwas Lesestoff für dich. Hinweis: Solltest du Defogger benutzt haben, kannst du jetzt re-enable drücken. Schritt 1: Combofix deinstallieren Schritt 2: Toolbereinigung mit OTL Schritt 3: AdwCleaner entfernen Schritt 4: ESET deinstallieren (Optional) Schritt 6: Mache bitte auch ein Update von Firefox und Thunderbird. Abschließend noch Tipps zu folgenden Themen:
Damit wünsche ich dir noch viel Spaß beim Surfen im Internet ... und vielleicht möchtest du ja das Trojaner-Board unterstützen? Eine Bitte: Gib mir eine kurze Rückmeldung, wenn alles erledigt ist und keine Fragen mehr vorhanden sind, damit ich diesen Thread aus meinen Abos löschen kann.
__________________ Digitale Freibeuter gegen Malware! Keine Hilfe per PM! |
|
| Themen zu Ungewünschte Emails an Kontakte werden verschickt |
| einiger, email, emails, geändert, immer wieder, kontakte, laufe, links, norton, passwort, passwort geändert, problem, systemscan, unerwünschte emails, ungewünschte, verschicken, verschickt, verseucht, vollständige |
Textbox.
Button.
und dann 
+ R Taste und kopiere den folgenden Text Ausführen-Fenster und klicke OK.
Linear-Darstellung
